In May 2021, the Colonial Pipeline cyber-attack crippled the United States’ largest fuel pipeline and caused widespread gasoline shortages. A separate attack then targeted the production lines of JBS, the world’s largest meat supplier. Both these attacks had one thing in common – they were caused by ransomware that encrypted their victims’ computer files until they paid a fee.
Although ransomware is a decades-old tactic, it has evolved from something of a minor annoyance to a serious problem that has the potential to cause untold damage and disruption. In the past five years, reports around ransomware have become more prolific as the severity and scale of attacks have increased.
The emergence of cryptocurrency has transformed ransomware’s impact. Its growing popularity and the anonymous, untraceable nature of it has ushered in a new wave of sophisticated attacks that focus on the bigger fish, businesses that have the means to pay bigger ransoms with the promise of their files being returned.
This, of course, doesn’t always happen, and the residual damage can cost far more than the ransom paid. In 2019, weaponized malware known as ‘WannaCry’ exploited a Windows vulnerability, which was discovered and kept secret by the U.S. National Security Agency, to shut down computers worldwide. This caused an astounding US$4bn in estimated damage.
The trouble for businesses is that ransomware isn’t going away anytime soon. The reason for this is simple – victims are continuing to pay ransoms in a bid to limit the damage to their businesses, which makes for easy paydays for threat actors. Yet, this doesn’t mean businesses are powerless to safeguard against increasingly brazen ransomware attacks that now often hold firms to multi-million-dollar ransoms.
Safeguarding Against Ransomware
The best way for firms to protect against ransomware is to stick to the fundamentals. On the face of it, ransomware is a relatively simple method of attack. Threat actors target and exploit businesses that have lax security and often assume, quite correctly, that this lax security translates to shortcomings in other areas, such as regular backups of important files.
In contrast, the more layers of security that you have in place, the less of a target you are to these threat actors. It’s important to remember that ransomware attackers are looking for an easy payout, so it’s in your best interests to place as many barriers between them and your files as possible.
There’s no need to deploy cutting-edge security solutions to do this, either. Safeguarding against ransomware can be as simple as covering basic best practices. Implementing network hardening, introducing robust data security policies and promoting general cyber-hygiene all go a long way in preventing this type of attack and making it easier to detect when an attack might be occurring – and prevention is always better than the cure.
At the same time, it’s important to remember that attacks are growing more sophisticated and that it’s not always possible to safeguard against every eventuality. That’s why scheduling regular backups of files and other key data are critical. After all, holding your files to ransom is likely to be of little use to an attacker if you’ve got a backup from a few hours ago.
The Role of Assurance
While organizations can implement all the layers and protections in the world, they mean very little without thorough testing and assurance. How can you be sure that your systems are working as intended if they’re not being tested?
On the testing side, “red-teaming” is a standard method for building security resilience. This involves a group of ethical hackers who are tasked with attacking your system in a controlled environment with a view to uncovering vulnerabilities that can then be fixed.
On the assurance side, there are standards like ISO 27001. This concerns the management of information security and establishes a documented risk assessment process that considers the consequences of a ransomware attack and ensures that everyone understands them by instilling learning across all levels of the business.
An independently certified ISO 27001 management system helps staff understand their information security requirements, helping to reduce vulnerabilities and provide a company-wide level of protection.
Ransomware is Here to Stay
Attacks are only going to grow in sophistication and occur on a larger scale as the cost of ransoms continues to trend higher.
By implementing basic security hygiene and a culture of robust information security management, firms can eliminate much of the risk of falling victim to a ransomware attack.