Why Are Ransomware Attacks on the Rise?
Ransomware is hardly a new threat for businesses. In fact, it’s been around as long as the world wide web, with the first such incident of what would today be called ransomware taking place as far back as the 1980s.
But it’s only in the past few years that ransomware has become part of the everyday vocabulary of cybersecurity specialists. Some estimates suggest the number of ransomware attacks almost doubled last year when compared to 2020, while cybersecurity organizations such as the US Cybersecurity and Infrastructure Security Agency and the UK’s National Cyber Security Centre have issued warnings about the growing threat this poses.
So why has ransomware jumped up the list of cyber risks so quickly? There are a number of factors that go into this, but a common theme is that these attacks are easier and more inexpensive to pull off than ever, while offering the prospect of very high rates of return for cybercriminals.
Changing Working Patterns
One of the biggest impacts on ransomware trends in the last couple of years has been a major shift in working patterns in many businesses – in particular the rise of hybrid and remote working brought about by the COVID-19 pandemic.
Indeed, it’s estimated malicious emails increased by 600% at the height of the pandemic, with 36% of cyberthreats relating to ransomware or other malware. With more employees working from home, it may be harder to verify whether messages are genuine. If they are connecting from outside the company’s network perimeter, or using personal devices, it may be difficult for traditional anti-malware technology to block these incoming messages.
With many firms now making these practices a permanent part of their operations, this presents many opportunities for hackers to target isolated employees who have become familiar with using digital channels like email as their main way of keeping in touch with colleagues.
Greater interconnectedness among businesses is also a factor in this, as it’s now easier than ever for cybercriminals to spread their ransomware by targeting firms such as managed service providers (MSPs), which can then spread the infection through the supply chain to other businesses. This offers opportunities for hackers to infect many more organizations with minimal effort. This attack vector has been seen in many large-scale attacks such as the SolarWinds and Kaseya hacks in recent years.
Higher Reputational and Regulatory Penalties
Another factor that may make ransomware a more tempting option for cybercriminals is that public exposure of data can be much more damaging than in the past. For starters, people are now much more aware of their online privacy than in previous years, and have little tolerance for businesses that fail to protect their data.
At the same time, the legal consequences of failing to prevent data breaches are also higher than ever. Data privacy laws like GDPR and CCPA come with the threat of high fines for failings, while there is also the risk of class-action lawsuits from affected customers if their personal details are compromised.
In previous years, a ransomware attack wasn’t necessarily synonymous with a data breach. While they may have been highly disruptive for businesses, companies could at least be reasonably certain that the data itself wasn’t compromised, so the long-term impact on customers would be minimal once access was restored. But this is no longer the case.
By adding data exfiltration technology to their arsenal, attackers can now easily gain large amounts of sensitive information in addition to encrypting files, such as customer personal data or secret R&D details. They may then sell this on the dark web, or use it as blackmail material against the company, threatening to expose it publicly.
This can come with a wide range of costs, which may be one reason why many businesses determine that paying up is the easiest and quickest way to deal with any issues. In fact, some estimates suggest as many as 83% of targeted businesses in the US paid a ransom in 2021.
Easier Access to Ransomware Tools
Getting operations up and running, minimizing downtime and limiting reputational damage all act as powerful drivers to incentivize payment, and as long as this remains the case, cybercriminals will continue launching ransomware attacks.
In fact, changes in technology mean that ransomware can be a very inexpensive way of targeting a business, which, coupled with the high rates of payment make it a very profitable enterprise. Indeed, new offerings such as ‘Ransomware-as-a-Service‘ can be easily found on the dark web.
Like other, legitimate ‘as-a-Service’ products, this provides criminals with all the tools they need to launch an attack, with the authors of the software generally taking a cut of any proceeds in return.
Sophisticated tools may come with complete dashboards showing users the status of their attacks, number of files or devices infected while also providing an easy way of accessing payments. These kits therefore greatly lower the costs of entry for ransomware attackers, both in terms of the time and skill required.
With these factors set to continue driving ransomware trends for the foreseeable future, it’s vital that firms have the right tools in place to defend against them. In addition to traditional tools such as anti-malware and perimeter defenses, dedicated anti-ransomware and Anti Data Exfiltration (ADX) technology will have major roles to play in shutting down the most dangerous ransomware attacks before they have a chance to do damage.