01 September 2021
How to combat the growing threat of ransomware attacks?
Ransomware attacks have grown significantly in Australia and in other countries, with hackers leveraging the Covid-19 outbreak in particular to dupe netizens. According to a report by Cybersecurity Ventures, by 2021, one business entity will succumb to ransomware attacks every 11 seconds, up from every 14 seconds in 2019.
Ransomware, defined in the simplest terms, is malicious software that secretly seeps into your computer or data center and encrypts some or all of your data with a unique key, so that the data can only be decrypted and accessed using the same key. Attackers then demand a ransom to let you regain access to your data. According to Datto, an American cybersecurity and data backup company, ransomware costs businesses more than $75 billion per year.
Some common types of ransomware attacks include:
- Crypto malware gains unauthorized access to IT systems and encrypts valuable data and files, disrupting IT operations. The hacker demands payment to hand over decryption keys.
- Lockers block users and administrators from logging into their systems, blocking access to files and applications. The attacker demands a ransom to grant access and restore systems to normalcy.
- Doxware, also known as extortionware, obtains sensitive information and threatens to publish it online, putting confidential, mission-critical business data at risk. As businesses are responsible for protecting their user data, this situation can disrupt legal compliance.
Most ransomware attacks start with a phishing email. A single click on a link that downloads a malicious attachment can be the gateway to a successful attack. With the ongoing stress and uncertainty of the coronavirus pandemic, people are more likely to fall victim to carefully designed phishing attacks.
Amidst rising Coronavirus cases, there has been a significant increase in ransomware attacks on hospitals and healthcare institutions. However, this doesn’t mean other businesses are safe. Many companies are succumbing to these attacks because many of their employees are working remotely on insecure networks. The coronavirus crisis is already impacting business revenues and cash flows, and a successful ransomware attack on top of it will impact business continuity drastically.
The cases of Toll Group and Epiq Global, among others
Ransomware and related attacks worth about $241 million were reported in Australia alone in 2019, according to a new report. The attacks have continued in 2020, with the Australian logistics company, Toll Group, being hit by a ransomware attack on 31 Jan 2020. The company, with over 40,000 workers, had to shut down, disable and isolate its systems and resort to manual processing of the massive amount of data it deals with daily. On 26 Feb 2020, a ransomware attack impacted Talman Software, which serves 75% of the Australian wool industry. As a result, the whole wool buying and selling system went offline across Australia and New Zealand.
Globally, organizations are focusing on digital transformation initiatives, making them primary targets of ransomware attacks. On 29 Feb 2020, a ransomware attack on legal services giant Epiq Global quickly spread and affected all computers across their 80 global locations. On 2 Mar 2020, Visser Precision LLC, a US-based aerospace, automotive, and industrial parts manufacturer, fell victim to a ransomware attack by the DoppelPaymer group. It affected industrial giants Lockheed Martin, General Dynamics, Boeing, Tesla, and SpaceX, among other companies that subcontracted work to Visser Precision LLC.
Paying the ransom doesn’t guarantee recovery, especially if the hackers are amateurs. They buy ransomware on the dark web without having the technical proficiency to infect networks, and then fail to decrypt the data.
Mitigating the Risk of Ransomware Attacks
The approaches to mitigation vary from business to business. Some conventional approaches to reducing the risk are:
- Back up business-critical and sensitive data periodically on local machines, removable hard disks, and the cloud
- Segregate your networks and systems so that a successful attack on one subsystem doesn’t spread to others, which mitigates the impact
- Perform necessary software and OS updates so that software is up to date and secure enough to mitigate vulnerabilities
- Review your existing endpoint security solution for its readiness and capability to protect against ransomware attacks. If it’s inadequate, upgrade to a suitable alternative solution.
- Deploy modern security solutions for email and web security.
Secure remote working with web and endpoint security
The coronavirus crisis has been an opportunistic moment for cybercriminals. The workforce across the globe is working remotely, either from home or any other location; and many employees are using personal devices for work—accessing corporate data using their home networks. Home networks are not as secure as office networks and result in compromised security, offering a gateway to cybercriminals.
How do you strengthen the security posture of your remote workers? Securing endpoints and web access is the key! Endpoint security secures laptops, mobile phones, tablets, and other device connections that tap into corporate networks.
At FirstWave, our solution provides comprehensive, state-of-the-art endpoint security, protecting devices like PCs, Macs, and mobile phones and letting remote workers access corporate applications securely. Moreover, it provides web security to prevent data leaks and protect against malicious web content, and employs cognitive threat analytics for enhanced security.
We all hope that the disruption to people’s lives and work from Covid-19 will end soon and we pray for everyone’s well-being. However, even when we get over Covid-19, remote working will be the new norm across many companies. Don’t forget to secure remote working with FirstWave Cloud as business continuity is more important than ever before!