Ransomware and threat actors are maturing – don’t be a laggard

Information and security professionals face the uncomfortable and bleak reality that ransomware will only get worse in 2022, increasing in its sophistication, frequency, and volume.

Ransomware continues to be aided by the consistent disruption caused by the pandemic, the adoption of new technologies that increase data generation and information sharing, and the ongoing remote working by millions who are based outside the perimeter defences of their office’s network.

The numbers paint a sobering picture, with Singapore’s CSA reporting a 154% increase in ransomware cases in 2021 over the previous year, and the average cost of a ransomware attack on financial services organisations in Asia-Pacific and Japan rising to over US$2.62 million according to Sophos.

Many organisations understand the threat that ransomware poses to their operational continuity. For some it is a harder challenge to manage, often not knowing where to start or who must lead the charge; and for others there are alternative challenges considered to be of higher priority or urgency.

However, the Singapore government recognises the danger. The Singapore Cybersecurity Strategy 2021, launched last October, incorporates a “zero trust” approach to protecting government applications and information technology systems by verifying that all activities taking place on them are safe.

To combat this increasing challenge of ransomware, CISOs and CIOs – along with their CEOs and boards – must make themselves aware of the threats facing their data and IT environments. This starts by adopting an unprecedented level of focus to find gaps that exist in their management and governance of data, so they can deploy the right strategies to comprehensively protect their technology infrastructure and the data it houses.

However, the obstacle for many is how to do this without disrupting their older technology or eliminating the productivity benefits of new technology, such as cloud applications, which have been introduced since the onset of the pandemic, and without disrupting remote or flexible working.

Ransomware and cybercriminals are growing up

Ransomware continues to mature, becoming more sophisticated and targeted. A report by the Singapore Computer Emergency Response Team found that the increase in number and type of ransomware cases locally resulted from, or was very likely influenced by, the major global trends.

The CERT identified three distinct types or tactics of attack:

  • Firstly, criminals are switching from opportunistic attacks to targeting large businesses with high-value data that could result in a higher ransom payout, which is termed “Big Game Hunting”.
  • The second is the “Leak and Shame” type of attack, whereby victims are threatened with exposure of their stolen data unless a ransom is paid. This is becoming the tactic of choice in attacks against organisations in multiple industries around the world.
  • The third type of attack is ransomware as a service (or RaaS), which is seeing cyberthreat actors develop and maintain the malware code which their affiliates then use for attacks.

A February 2022 advisory issued by CISA, FBI, NSC, Australia’s Cyber Security Centre and the UK’s NCSC revealed that malicious actors are now leveraging “cybercriminal services for hire”, demonstrating the criminal business opportunities being generated by ransomware, to help “negotiate payments, assist victims with making payments, and arbitrate payment disputes between themselves and other cyber criminals”.

In fact, the UK’s NCSC has found “that some ransomware threat actors offered their victims the services of a 24/7 help centre to expedite ransom payment and restoration of encrypted systems or data.”

Turbocharge your organisation’s data protection capabilities 

To combat and counter this evolving threat of ransomware, a new approach must be taken to data security. Proactively protecting against cyberthreats, especially ransomware, and enhancing security postures goes beyond simply improving network or endpoint security – you must focus on what the attackers seek: your data.

The double blow for most organisations is that not only is ransomware becoming even trickier to handle, but many also rely on legacy data management technology, which forces them to take a “DIY” approach to managing and protecting data because they must manage multiple products from multiple vendors. This causes time sinks for already-stretched IT teams and a higher total cost of ownership, as legacy platforms are not designed to run as part of an integrated technology environment and do not stack up against the sophisticated cyberattack techniques of today.

In fact, the attack surfaces of organisations are significantly extended by isolated and old technology, which doesn’t share common security policies or provide visibility to IT teams of irregular behaviour and potential threats present within organisations’ technology ecosystem.

The good news is that some organisations are maturing in their data protection and security approach, and as a result are strengthening their overall security posture by adopting next-gen data management platforms that align to their current needs, built upon capabilities that deliver simplicity at scale, zero-trust security principles, AI-powered insights, and third-party extensibility.

These capabilities help bring together security, data intelligence, and risk management, which all play a vital role in protecting data. The right next-gen data management technology will:

  • Have immutability baked-in and not be an afterthought.
  • Detect anomalies via AI and machine learning.
  • Reduce data proliferation or duplication.
  • Support an automated or rapid recovery should the worst happen.

Additionally, organisations should embrace the 3-2-1 rule for data backups, ensure data is encrypted both in transit and at rest, enable multi-factor authentication, and employ zero-trust principles.
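
As an added illustration that is not part of the original article, the following Python sketch audits a backup inventory against the 3-2-1 rule (three copies of the data, on two different types of media, with one copy offsite) together with the immutability and encryption-at-rest points listed above. The Copy fields, the audit function and both sample inventories are constructed for this example and are not taken from any product.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Copy:
    name: str
    media: str               # storage type, e.g. "disk", "tape", "object"
    offsite: bool            # held away from the primary site
    immutable: bool          # cannot be altered or deleted once written
    encrypted_at_rest: bool
    primary: bool = False    # True for the live production copy


def audit(copies):
    """Return findings as (check, detail) tuples; an empty list means all pass."""
    findings = []
    if len(copies) < 3:
        findings.append(("3-copies", f"{len(copies)} copies held, need 3"))
    media = sorted({c.media for c in copies})
    if len(media) < 2:
        findings.append(("2-media", f"all copies on: {', '.join(media) or 'none'}"))
    if not any(c.offsite for c in copies):
        findings.append(("1-offsite", "no copy is stored offsite"))
    # A backup that can be overwritten or deleted gives no recovery path,
    # so at least one non-production copy must be immutable.
    if not any(c.immutable for c in copies if not c.primary):
        findings.append(("immutable", "no immutable backup copy"))
    for c in copies:
        if not c.encrypted_at_rest:
            findings.append(("encryption", f"{c.name} is not encrypted at rest"))
    return findings


# Constructed inventories for illustration only.
WEAK = [
    Copy("production", "disk", False, False, True, primary=True),
    Copy("backup-nas", "disk", False, False, False),
]
HARDENED = [
    Copy("production", "disk", False, False, True, primary=True),
    Copy("backup-local", "disk", False, True, True),
    Copy("backup-vault", "object", True, True, True),
]

if __name__ == "__main__":
    for label, inventory in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(inventory) or "all checks pass")
```

The weak inventory fails every check because its only backup shares media and site with production; the hardened one passes with a local immutable copy plus an offsite immutable copy.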

Ransomware and its rapid proliferation are only going to get worse, with attackers as focused as ever on stealing valuable data and extorting their victims, as revealed by warnings from some of the world’s leading cybersecurity bodies.

Relying on what has always been done or what has always been used will only leave your organisation in a state of regret when ransomware strikes and disrupts your operations, damages your reputation, and decreases your revenue. With ransomware attacks occurring globally almost every 10 seconds, can you afford to be left behind?