Ransomware often makes me feel like a broken record. This is not surprising given that the first documented attack, known as the AIDS Trojan, took place in 1989 — and 33 years later, businesses are still falling for it.
Today we see large-scale ransomware attacks by groups like The Maze, Conti, Darkside, and ReEvil dominating news headlines, while closer to home in Singapore, the country’s Cyber Security Agency, just announced plans to establish a dedicated inter-agency task force to counter ransomware threats, on the back of a 54% increase in these attacks in Singapore between 2020 – 2021.
The truth is, despite government crackdowns and the increasing availability of new-fangled security tools, ransomware attacks continue to increase, for the simple reason that they are still profitable. In fact, the last few years have provided fertile ground for these kinds of attacks with the COVID-19 pandemic, widespread political turmoil, and the ongoing conflict in Ukraine leaving individuals and businesses more vulnerable.
In our recent Threat Spotlight report, we analysed 106 highly publicised attacks between August 2021 and July 2022 in Southeast Asia and across the globe, finding that businesses continue to be the number one target of these attacks, with certain industries standing out as prime targets. This includes educational institutions which saw attacks double over the past year, and the healthcare and financial sectors which saw attacks triple. Interestingly we also saw infrastructure attacks quadruple, indicating that financial gain or data theft may not be the only motivations for ransomware criminals.
Unfortunately for businesses, the increasing availability of ransomware on the dark web means that even the most inexperienced criminal can now launch attacks, and whilst security companies and governments strive to close the security loop, entire task forces of organised crime syndicates are dedicating themselves to finding new ways to extort lucrative new targets.
But why are we still falling for it, and what can be done?
The main reasons that businesses continue to succumb to these attacks tend to be the lack of cyber-hygiene education, resources, and the tools to defend against ransomware. These may also be why smaller businesses continue to be low-hanging fruit for cybercriminals looking for an easy win.
Ultimately, ransomware affects businesses of all sizes, and is not going away any time soon. Threats will continue to evolve as security companies, governments, and ransomware criminals continue their cat-and-mouse game, so it’s important that businesses make sure they are at the very least doing the basics to stay protected.
At the end of the day, until zero ransoms are being paid worldwide, ransomware will continue, and whilst efforts to avoid or recover ransomware payments are helpful, preventing these attacks in the first place is always going to be a better strategy than remediation.
But where to start?
Firstly, there isn’t a one-off solution for preventing these attacks. Instead, it is key to have a multi-layered security program in place to detect potential threats, prevent malware intrusion, and allow for a fast recovery. The main point here is that any business should be able to do these things, and they really could make or break your business in the event of a ransomware attack.
- Train your team
Making sure your team is up to speed and in the know about ransomware is crucial. A defensive posture is best, with training, so that each team member knows how attacks happen, what to look out for, and the do’s and don’ts when it comes to good cyber hygiene. Each employee must play their part in keeping your organisation safe; they are your first line of defence.
- Update your systems, control access, and permissions
Ensuring that your computer operating systems and software are up to date with all the latest patches will go a long way in closing any potential vulnerabilities, whilst establishing policies and permissions around network access and permissions. Choosing a zero-trust access solution that enables role-based access, multi-factor authentication and continuous verification of user and device identity will help to limit the risk of attacks being launched via untrustworthy software and applications.
- Cover all your security bases
Next, ensure that you have comprehensive protection against the most common threat vectors, including AI-powered email security protection, web filters, web application firewalls for your website, network firewalls with advanced threat protection, and endpoint antivirus software.
- Don’t forget to back up!
Lastly, it should go without saying, but the number of times we see businesses not doing this makes my head spin, so it’s worth saying anyway: Back up your company files and documents frequently and in multiple locations. This is where cloud becomes important, as replicating your back-up data to a secure cloud storage can remove your stress, and so is the likelihood of unrecoverable data in the event of a ransomware breach.
To conclude, as ransomware attacks continue to escalate, we are reminded that this is not a problem that is going away any time soon. It’s crucial, therefore, that businesses take this threat seriously and play their part in educating their workforce and putting the various security solutions and programs in place, to avoid attacks and stop paying the ransom.