The next wave of ransomware in 2022
By Edwin Weijdema, Global Technologist, Veeam
Ransomware as a trend will continue to affect businesses across the world in 2022 – with attack types and tactics from cybercriminals evolving all the time. As attacks get more sophisticated, so do the consequences of falling victim to ransomware and the complexity of the clean-up.
The stakes are therefore higher than ever for businesses when it comes to protecting against ransomware attacks. Organisations need to understand the emerging trends that we will see gather speed throughout 2022 and prepare their defences for the ransomware onslaught.
Make your business insurable: The tension between insurers and businesses affected by ransomware is mounting. In EMEA we have already seen global insurance giant AXA announced that it will stop writing cyber-insurance policies in France that reimburse customers for extortion payments made to ransomware criminals.
Furthermore, the Dutch government has considered banning insurers from covering the cost of ransom payments made by businesses operating in the Netherlands. With insurers overwhelmed and frustrated by ransomware claims, underwriters will tighten up their policies to ensure clients are meeting predetermined conditions such as investing in appropriate cybersecurity and employee training before paying out.
Watch out for triple extortion: This technique designed to make businesses pay more and pay faster involves extending the attack to the victim’s customers and partners. Traditionally, ransomware attacks involve cybercriminals locking down and encrypting systems then demanding a ransom payment to regain access.
In 2019 ransomware strains such as DoppelPaymer gave cybercriminals the ability to lock down systems and exfiltrate data simultaneously. Not only can attackers demand ransom money for regranting access to key IT systems, but they can also threaten to publish exfiltrated data online if the victim didn’t pay up. Triple extortion involves a third element – directing the attack beyond its initial target, using multi-layered extortion techniques to harm the victim’s customers and partners.
Minimise the threat within: Various studies suggest that over 60% of data breaches and cybersecurity incidents are caused by insider threats. Disgruntled employees understand the power they have in terms of opening the doors to the outside. Equally, perfectly satisfied employees who do not grasp the importance of practising good digital hygiene can be equally dangerous.
Digital hygiene is the first line of defence for an organisation. Using two-factor authentication and restricting file access to only those who need it are ways of limiting the amount of damage a single user can do if security is compromised intentionally or unintentionally. Furthermore, training and education are vital to making sure employees are confident identifying and reporting potential attacks.
Beware of the slow burn: Advanced Persistent Threat (APT) attacks involve unauthorised users gaining access to a system or network and remaining there for an extended period of time without being detected – waiting for the right opportunity to steal valuable data. Cyber-attackers are clever about choosing the right time to strike and maximising their chances of getting an easy payday by compromising a company when they are at their most vulnerable or when the stakes are highest.
For example, an attacker may be ready to take your systems down and exfiltrate data but know that your company is due to IPO in a few months. It, therefore, makes sense to wait it out and take you down at the moment you need the operational and reputational damage least and will be most willing to payout to end the attack.
Enforce the law: Law enforcers are trying to bridge the imbalance between risk and reward for cybercriminals. Cybercriminals can make huge sums of money with little or no threat of prosecution. This will and has to change. However, given the borderless nature of cybercrime, governments must agree on an international legal framework for punishing cybercrime. Until then legal action will mainly be directed towards the victims rather than the criminals.
Many governments are debating whether they should make ransomware payments illegal, so businesses resist the temptation to pay ransoms – cutting off cybercriminals’ income supply. Moreover, cryptocurrencies like Bitcoin, commonly viewed as a hacker’s dream, actually have the potential to help law enforcers bring criminals to justice. Digital ledgers like Blockchain make it easier to ‘follow the money’ as records cannot be altered or deleted. Therefore, once criminals turn their cryptocurrency into ‘real money’, the digital ledger can theoretically unmask them.
Protect your data: Everything from the advancing threat landscape to changes in the way the legal and insurance sectors view ransomware payouts puts the onus on data protection and cybersecurity.
Organisations must consult with their technology partners about deploying Modern Data Protection solutions that can detect, mitigate and remediate ransomware attacks. Data must be backed up and recoverable across physical, virtual, cloud, SaaS and Kubernetes so that in the event of a ransomware attack, businesses can remediate and recover quickly rather than being forced into paying the ransom.
As well as implementing Modern Data Protection solutions, businesses must prioritise improving digital hygiene levels across their entire employee base. Employee education and awareness training can help to create a more digitally secure culture across the organisation. A ‘human firewall’ combined with the right technology can help organisations prepare themselves for the ransomware attacks that will inevitably come their way in 2022 and beyond.