The rate at which ransomware has attracted the attention of organizations and the media has grown rapidly in the past year. Ransomware attacks are nothing new-the last peak of attention on this issue was in 2017, when the infamous WannaCry ransomware ravaged the company. However, WannaCry is a small ransom, designed to collect hundreds of dollars worth of Bitcoin from each company. In contrast, recent ransomware has shifted from well-funded threat actors to high-value targets, aiming to squeeze up to millions of dollars from each victim.
Another shift in the goals of ransomware includes a significant increase in attacks on operational technology (OT) in the past year. For many of these organizations, the rapid convergence of IT and OT environments has exposed technology and skills gaps that they must quickly resolve to protect themselves from the growing threat landscape.
When addressing this persistent threat, it is important that the government’s focus, in addition to education and provision of resources to guide the organization, should also be placed on disrupting criminal activities and economic drivers so that this threat vector can grow. At the same time, for private organizations, the focus should be on reducing the attack surface and building the correct foundation for a comprehensive security plan.
Thanks to coordinated actions taken by governments around the world, we can argue that the peak era of ransomware is just around the corner, and this threat may begin to diminish. Although the rise of cryptocurrencies has ushered in a new era of ransomware, the good news is that these transactions are recorded in some digital files, and law enforcement agencies are increasingly effective in finding ways to track ransom payments. With increasing pressure to regulate cryptocurrencies around the world, any measures that can limit the anonymity of transactions will make criminal activities more difficult. Unfortunately, when criminal activities are supported by nation-states, no individual can solve this problem. It must be solved by the international government alliance.
In addition to addressing the traces of ransom payment, we have also seen a huge shift in the government’s focus to address the potential problems of poor security of critical infrastructure.From executive order to Requests for information (RFI) from federal agencies such as the Department of Energy, Protecting our critical infrastructure has never been a higher priority. Guidance and advice is an easy way to help organizations, but increasing government regulation and authorization is usually the actions needed to incentivize the level of investment required by highly regulated industries to raise security plans to a sufficient level to resist many of these attacks.
An urgent topic of discussion is whether the government can or should make ransom payments illegal. If the organization will not and will not pay the ransom, the economic driving force behind these attacks will no longer exist. In many cases, the ransom payment may be partly included in the network insurance policy. Although network insurance companies may also be unwilling to pay the ransom, they operate in a highly competitive market, and any insurance company will refuse to pay the ransom and put themselves at a disadvantage. Similarly, the responsibility for changing market dynamics lies with government actions.
No payment, no points…or not?
Due to limited or no economic results, ransomware will lose its appeal as a valuable attack vector. This raises the obvious question: “What’s the next step?” If there is no ransom, criminals will look for alternative ways to profit from attacks. Shifting the focus to selling the company’s private data and intellectual property on the dark web market could see substantial growth. If the ransom payment is successfully prevented, the organization with the most valuable and easily monetizable data will become a bigger goal.
When organizations want to protect themselves from future attacks, the answer is not as complicated as you think. Exploiting misconfigurations, known vulnerabilities, and methodically working through phishing and malware from the initial entry point to gain access to sensitive systems will still be hallmarks of most such attacks, regardless of the vulnerability or whether it will be monetized In order to obtain economic benefits.
Focusing on basic security controls and executing them well is the best way to enhance the system’s resistance to attacks. This includes ensuring that you understand what is in your environment, ensuring that everything is configured correctly, addressing vulnerabilities, restricting administrator access, and developing an incident response plan. Ransomware has received much attention now and may never disappear, but the theft of credit card numbers and hacking have been the focus of attention before, and the future will be new. Let us continue to pressure the government to do their part and focus on what we can do in our own organization to complete our work.
