While many industries face new challenges, it was a very good year for the Ransomware business.
We call it a business because there is an entire network of criminals now selling Ransomware kits on the dark web. With Ransomware as a service readily available, there is very little a hacker needs to know in order to start targeting and attacking small businesses.
You can read our step-by-step account of a real Ransomware attack here.
According to the FBI, Ransomware in 2020 has disrupted patient care at up to 510 US Healthcare facilities. Schools and city governments have also made recent ransomware attack news. Still, over half of all ransomware attacks are on small businesses. The average ransomware demand in 2020 was $178,000, according to research from Cloudwards.net.
Ransomware is becoming so profitable, it's even causing new partnerships to form in the hacker community. Check out what's new in the Ransomware threat landscape below...
How Ransomware is Evolving
There has been evidence in recent attacks that hacker groups specializing in malware perform the initial compromise, then leave the digital door open for actors running Ransomware as a service to move in on someone's network.
The Ransomware itself is also getting more sophisticated. The newer software is often able to trick the old signature-based detection methods. Ransomware can behave differently too. Where it almost always used to encrypt and lock up systems, businesses are now at risk for hackers selling their data that gets scraped to competitors or posting personal information online.
Doxing individuals within an organization is becoming a more popular Ransomware practice as well. Doxing is when private or personal information is dug up on someone in your organization. Hackers then threaten to go public with the info unless the ransom is paid. The more ways the bad guys can exhort a business, the bigger the pay day they can get.
What are the Best Forms of Ransomware Defense?
One type of ransomware defense that shows promise is called canary files. These files are put on a network as bait. Canary files can shorten the time between infection and detection. Breaches don't always reveal themselves right away. Bad guys can poke around your network for months looking for goodies before moving to the ransomware stage of attack.
Canary files are supposed to alert users the moment a malicious file has infiltrated their network.
Because most backup software has the ability to roll back to the last backup before infection occurred, knowing exactly when you became compromised is crucial to mitigating the damage from the attack.
Canary files get their name from the old practice of miners carrying caged canaries into coal mines. The birds would be the first to die from the presence of methane gas in the mine--giving the coal miners critical time to escape.
A canary file looks like a valuable file, but its only purpose is to sound the alarm as soon as it's accessed and read.
When business owners are weighing their options on what type of Ransomware protection to invest in, look for methods that take a proactive approach. This includes:
- Employee cyber education.
- Threat hunting software.
- Phishing and ransomware simulations to test network and human vulnerabilities.
Simply adding ransomware to your endpoint detection is no longer effective for stopping newer ransomware attacks. In fact, it's estimated that endpoint detection and response (EDR) is only effective at stopping 1% of ransomware attacks, according to global technology security provider NTT.
Cyber Insurance Facts
As attacks continue to get more complex and widespread, even small businesses are investing in cyber insurance. While policies can help mitigate catastrophic financial losses that result from data breaches, if your only recovery option is negotiation with hackers, you'll need an experienced ransomware negotiator on your side. They can contact the bad guys on your behalf and hopefully reduce your payout while getting all of your files back.
While cyber insurance is not bad to have, it's important to read your policy carefully to understand exactly what type of attacks are covered. Most cyber insurance policies won't help you:
- Recoup potential lost profits.
- Recover from the loss of value to your business due to theft of your intellectual property or customer data.
- Pay for improving internal technology systems to prevent against future attacks.
It's important to have a cybersecurity partner who understands the dark web, today's attackers, and the ins and outs of your network. This partner is crucial to have before, during, and after an attack.
Need to discuss ransomware strategy for your business in 2021? Contact us today.