The rise of Ransomware: any end in sight?


The digital menace known as ransomware has escalated into a boardroom headache. Once quite a niche cyberthreat, these malicious criminal schemes now paralyze businesses large and small, encrypting vital data and demanding hefty ransoms for its return. Technology leaders are warning of a future powered by artificial intelligence, where attackers craft ever-more-devious encryption tools. Yet, amidst the digital mayhem, some optimism persists - if businesses adequately reinforce their cyberdefenses.

Whether companies can weather the storm ultimately comes down to whether they understand the dangers posed and, more importantly, the practical steps to safeguard their digital assets against ransomware.

Jamie Moles

Senior Technical Manager at ExtraHop.

Recognize the ransomware epidemic

The once-fringe threat of ransomware has morphed into a sophisticated, billion-dollar criminal enterprise, as seen in 2023 when it exceeded $1 billion. What began as a tactic deployed by opportunistic hackers has ballooned into a global extortion racket, with organized cybercrime groups employing advanced encryption techniques and psychological manipulation tactics to cripple businesses and institutions.

This escalating threat landscape poses a significant challenge for modern corporations, demanding a recalibration of cybersecurity strategies to address the evolving tactics of the digital shadows.

Understand the rise of RaaS

Ransomware-as-a-service (RaaS) has become a game-changer in the cybercrime landscape. The insidious business model allows anyone, regardless of technical expertise, to become a ransomware attacker.

Just imagine ‘Deliveroo for malware’. Developers create and maintain the malicious software, while affiliates simply rent access and leverage the tools to launch attacks. RaaS marketplaces provide a one-stop shop for aspiring cybercriminals, offering everything from customer support to malware updates. This low barrier to entry has fueled a surge in ransomware attacks.

One of the most prominent cases of RaaS in history was seen with the DarkSide attack on Colonial Pipeline in 2021. The attack left hundreds of Americans facing gas and supply shortages after Colonial Pipeline, the owner of a pipeline system carrying fuel from Texas to the Southeast, suffered a ransomware attack on its computer systems. Colonial Pipeline ended up paying a staggering $4.4 million in ransom, which left the company struggling to restore operations.

Learn from the LockBit case

The rise of ransomware is epitomized by the LockBit attack, a particularly virulent strain that rose to prominence in 2019, and accounted for nearly half of all ransomware attacks in 2022. This malware employs a "double extortion" tactic, encrypting vital data and threatening to leak it online if ransom demands aren't met.

Operating as a RaaS, LockBit allowed a network of criminals to target a wide range of victims, from corporations to critical infrastructure providers. LockBit operators went as far as to offer a $1 million reward to security researchers and ethical or unethical hackers who could improve its software security. Its ruthless efficiency and adaptability have highlighted the growing dangers posed by ransomware.

LockBit's success serves as a stark wake-up call for the cyber industry. Traditionally focused on perimeter defenses, the industry must adapt to this new reality of aggressive and adaptable attackers. This necessitates a multi-pronged approach.

On one hand, cybersecurity firms need to develop more sophisticated detection and prevention tools to stay ahead of the curve. On the other hand, a cultural shift is required, prioritizing employee training and incident response planning. Ultimately, the cyber industry's ability to mitigate the rising tide of ransomware will hinge on its capacity to innovate and foster a more proactive security posture.

Prevent employees welcoming the bad guys in

For many firms, the digital perimeter resembles a crumbling Cold War watchtower - poorly maintained and inadequately manned. Legacy systems, rife with unaddressed vulnerabilities, offer easy access for attackers.

Authentication protocols, which are too often weak, provide easy entry points for stolen credentials. Most concerning, perhaps, is the human element. Unschooled employees remain susceptible to phishing scams, unwittingly downloading ransomware with a single click. These shortcomings paint a grim picture for many businesses.

Despite this, there is a remedy. Businesses can solidify their employees' cybersecurity knowledge by implementing regular training that blends foundational awareness topics with job-specific best practices. This training should be engaging and updated frequently to reflect the evolving threat landscape. Leaders can cultivate a culture of security by acting as role models and encouraging open communication about cyber risks. Periodic reminders and testing can also solidify employee understanding and ensure they retain crucial cybersecurity practices.

Speed up defense awareness to action

A key solution for securing businesses against ransomware attacks is Network Detection and Response, or NDR. NDR systems are the digital equivalent of a well-trained guard dog. These watchful tools continuously scan network traffic, detecting anomalies that might signal a ransomware attack in progress.

Unlike its canine counterpart, NDR operates with millisecond precision, identifying suspicious activity – unusual data exfiltration attempts or unauthorized access efforts – in real-time. This swift detection empowers security teams to act quickly, potentially quashing the ransomware threat before it can encrypt a company's data.

NDR systems can also recognize the telltale signs of ransomware encryption, allowing for the swift isolation of infected devices, thereby preventing the contagion from spreading throughout the network. In the escalating war against ransomware, NDR stands as a crucial line of defense, offering a multi-layered approach: identifying suspicious activity, facilitating a rapid response, and containing the threat before it can wreak havoc.
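The two signals described above (unusual outbound volume, and the high-entropy file writes typical of encryption in progress) can be sketched as follows. This is an added example, not code from the article or from any NDR product; the thresholds, record layout, and sample data are assumptions, and it presumes the sensor can see SMB write payloads.

```python
import math
import statistics
from collections import Counter, defaultdict

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted or compressed data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def exfil_suspects(baseline, current, k=3.0):
    """Hosts whose outbound volume exceeds mean + k*stdev of their own history."""
    flagged = []
    for host, sent in current.items():
        hist = baseline.get(host, [])
        if len(hist) < 2:
            continue  # too little history to judge this host statistically
        if sent > statistics.mean(hist) + k * statistics.stdev(hist):
            flagged.append(host)
    return sorted(flagged)

def encryption_suspects(smb_writes, min_files=3, min_entropy=7.0):
    """Hosts that wrote high-entropy payloads to at least min_files distinct files."""
    files = defaultdict(set)
    for host, path, payload in smb_writes:
        if shannon_entropy(payload) >= min_entropy:
            files[host].add(path)
    return sorted(h for h, paths in files.items() if len(paths) >= min_files)

def isolation_candidates(baseline, current, smb_writes):
    """Map each flagged host to the reasons it was flagged."""
    reasons = defaultdict(list)
    for h in exfil_suspects(baseline, current):
        reasons[h].append("outbound volume anomaly")
    for h in encryption_suspects(smb_writes):
        reasons[h].append("high-entropy writes to many files")
    return dict(reasons)

# Constructed sample data: outbound MB per hour, and observed SMB write payloads.
CIPHERTEXT_LIKE = bytes(range(256)) * 16          # uniform bytes, entropy 8.0
PLAINTEXT_LIKE = b"Quarterly report draft. " * 100
BASELINE = {"10.0.0.5": [120, 135, 110, 128, 140], "10.0.0.9": [300, 280, 310, 295, 305]}
CURRENT = {"10.0.0.5": 131, "10.0.0.9": 4200}
SMB_WRITES = [("10.0.0.5", "//fs/docs/q3.docx", PLAINTEXT_LIKE),
              ("10.0.0.7", "//fs/tmp/backup.zip", CIPHERTEXT_LIKE)]  # one archive: benign
SMB_WRITES += [("10.0.0.9", f"//fs/docs/file{i}.docx", CIPHERTEXT_LIKE) for i in range(3)]

if __name__ == "__main__":
    for host, why in isolation_candidates(BASELINE, CURRENT, SMB_WRITES).items():
        print(host, "->", ", ".join(why))
```

Requiring several distinct high-entropy files keeps a single legitimate archive upload (host 10.0.0.7 in the sample) from triggering isolation.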

Make RaaS a bygone threat

The future of ransomware may be bleak for companies of interest to hackers, with the specter of AI-powered attacks looming. However, this doesn't necessitate surrender. By acknowledging the threat, prioritizing cybersecurity investments, and fostering a culture of security awareness within organizations, businesses can fortify their digital defenses.


This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
