Ransomware has been around for over 30 years. Yet, for some reason, it still poses one of the most significant threats to your business. You would think that after all those years, tech security firms would have found a way to stop all ransomware attacks, but it hasn't. In fact, the opposite is true, as 2021 saw a surge of reported incidents that trumped previous records. It begs the question: Why is ransomware still a thing?
The reason for that is simple: just as cybersecurity tools and systems evolved, so has ransomware. Cybercriminals continue to elevate their craft and their processes to get through your defenses. And, as long as there's money to be made, they won't stop pushing it further anytime soon. The only thing you can do is to arm yourself with knowledge so you can adapt and keep attacks at bay.
At ITS, we are dedicated to helping equip businesses with the tools and the know-how to prevent cyber-attacks. In this article, we'll help you understand the latest iterations of ransomware so you can better defend against them.
Next Phase of Ransomware Attacks and How to Stop Them
Ransomware gangs have evolved their techniques. They are going beyond phishing emails with malicious software in links and files and have adopted more disruptive ways to attack businesses and cause damage. Take a look at some of the new methods used by these cybercriminals:
Steal and Encrypt Strategy
The general goal of ransomware is to hold your data hostage until you pay the ransom. That payment typically comes in the form of bitcoin or other cryptocurrencies, making it more difficult to trace.
However, over the past several years, US authorities and cybersecurity professionals across the globe have begun advocating against paying the ransom. That's because the payment doesn't guarantee you'll get your data back, and it only fuels the cycle to keep going.
In addition, many organizations have already implemented sophisticated data backups. That gives them the ability to restore their systems without much damage should a hacker try to encrypt their data. Unfortunately, cyber gangs have caught on since then and decided to change things up a bit. They now need more leverage to get their payout. That's where the steal and encrypt idea comes into play.
Rather than just encrypting your data, threat actors will also steal them beforehand. The hackers do it to add pressure on victims to pay the ransom. That's because your data can easily be sold to the highest bidder. For a cybercriminal, it means that they can still get something out of the attack, even if you decide to blow them off.
In the past, ransomware has been focused on the encryption of your data. However, that isn't as scary when you have a reliable backup in place. On the other hand, the threat of your data being sold online doesn't go away even if you have multiple backups. That can put your business in a very dangerous predicament that could force you to pay up.
How to Stop Them:
- Ensure you create and deploy a strong patching strategy to help alleviate vulnerabilities. Apply the latest security updates as soon as they are released.
- Continue to provide training to employees on phishing emails and their ongoing threats.
- Enforce multi-factor authentication across your organization.
- Deploy EDR (Endpoint Detection & Response virus software).
- Regularly update your backups and test frequently.
Adding DDoS to the Mix
The new approach leverages the steal and encrypt strategy but adds the twist of initiating a Distributed Denial of Service (DDoS) attack.
DDoS essentially launches a coordinated, ongoing attack on your website that eventually causes your website to crash. It's a malicious attempt to disrupt your server, service, or network by overwhelming it or its surrounding infrastructure with a flood of Internet traffic.
Once an attack is launched on your website, ransomware gangs will then demand payment for the "keys" to decrypt your scrambled website and data, or their attacks will continue. In addition, they will steal your data too. That means your backups won't be of much help in the scenario.
How to Stop Them:
- Add DDoS protection services to your cybersecurity plan. This service can detect abnormal traffic flows, which is the name of the game with this type of attack, and redirect traffic away from your network.
- Up your game when it comes to cybersecurity and all of your internet-connected devices. Ensure all patches have all the necessary security updates in place and are configured properly.
- Install EDR (Endpoint Detection & Response antivirus software).
- Configure your firewall to restrict traffic coming into and leaving your infrastructure.
- Ensure all internet-connected devices within your organization follow appropriate security measures.
Ready to Protect Your Network from Ransomware?
The thought of a ransomware attack is scary, but with the proper precautions in place, along with a strong plan, you can mitigate some of that risk. That can provide both a sense of calm and composure to react accordingly if an attack happens.
At ITS, we've helped hundreds of businesses protect their networks from all kinds of threats, including ransomware. If you want to learn more, check out our article on the 4 Security Measures that MSPs Employ to Prevent Ransomware Attacks.