No doubt you’ll now be familiar with the term ransomware, and I’m sure a number of people will have had first-hand experience of its devastating effects. In the past 18 months we have seen a significant increase in the number of ransomware attacks and infections in control system environments, and more concerning is the sheer number of unique variants of ransomware being detected in the wild. Developers of ransomware are not sitting on their hands either. They may have an effective product, but with a continuing fight to stop them they are forced to be creative and adapt to remain profitable.
So what's new?
Some of the latest variants of ransomware are designed to be significantly faster than previous versions. This massively reduces the time taken to encrypt the entire system. It also reduces the CPU and disk loading, making in-progress detection more of a challenge. In earlier versions of ransomware, the engine was set to encrypt the entire file, rendering it totally useless. Overall, this was quite a time-consuming process. The newly released engines make huge improvements on this by encrypting only the first few KB of a file, which is still enough to render it useless and not openable by applications, but drastically reduces the CPU time and takes advantage of modern, faster multi-core CPUs. The end result is that infections happen much faster and are still as effective.
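Because only the start of each file is overwritten, a defender can look for files whose first few KB appear random while the remainder still looks like ordinary data. The sketch below is an added example, not code from any product mentioned here; the 4 KB header size, the thresholds and the sample data are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

HEADER_SIZE = 4096  # assumed size of the "first few KB"; tune per environment


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: ~8.0 for ciphertext, ~4-5 for plain text."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def looks_partially_encrypted(data: bytes, header_size: int = HEADER_SIZE,
                              high: float = 7.5, gap: float = 2.0) -> bool:
    """Flag content whose header looks random while the rest does not.

    Thresholds are illustrative assumptions, not vendor guidance.
    """
    header, tail = data[:header_size], data[header_size:]
    if len(header) < header_size or not tail:
        return False  # too small to compare header against body
    h_head, h_tail = shannon_entropy(header), shannon_entropy(tail)
    return h_head >= high and (h_head - h_tail) >= gap


def pseudo_random(n: int) -> bytes:
    """Deterministic high-entropy bytes standing in for ciphertext (constructed)."""
    out = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                   for i in range(n // 32 + 1))
    return out[:n]


# Constructed sample data: a plain-text log, the same log with its first 4 KB
# replaced by random-looking bytes, and a file that is high-entropy throughout.
INTACT = b"Pump station 4 flow setpoint 120 l/min; alarm limits unchanged.\n" * 400
HEADER_OVERWRITTEN = pseudo_random(HEADER_SIZE) + INTACT[HEADER_SIZE:]
FULLY_RANDOM = pseudo_random(len(INTACT))

if __name__ == "__main__":
    for name, blob in [("intact", INTACT), ("header overwritten", HEADER_OVERWRITTEN),
                       ("fully random", FULLY_RANDOM)]:
        print(f"{name:20s} head={shannon_entropy(blob[:HEADER_SIZE]):.2f} "
              f"tail={shannon_entropy(blob[HEADER_SIZE:]):.2f} "
              f"flag={looks_partially_encrypted(blob)}")
```

The check deliberately ignores files that are high-entropy throughout, such as archives or fully encrypted files, so it complements rather than replaces whole-file entropy or file-signature checks.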
SaaS, PaaS and now RaaS
Part of the reason we are seeing a huge increase in the variants of ransomware is a change in the business model from the ransomware developers. In simple terms, they are not just supplying the end user, they are now recruiting channel distributors.
Threat actors such as LockBit are now offering ransomware as a service (RaaS), which has given less capable cyber criminals an easy route into mass ransomware distribution. Certainly, there is an element of working smarter, not harder, here.
For a nominal fee you get a customised ransomware kit, and all the help and support to distribute it. When a victim is taken, there is a 70/30 split on the payment. 30% of all paid ransoms adds up to a significant volume when you consider that it’s expected that attacks will total £20 billion by the end of 2021. More alarmingly, it’s been calculated that a business is affected by ransomware every 11 seconds globally.
The rising costs?
In 2021, the largest payout for ransomware came from a US insurance company, which settled at $40 million, setting a new world record. The average requested ransom for mid-large companies has also seen a significant rise, from $5,000 in 2018 to an eye-watering $200,000 in 2020. In 2021 to date there has been a 62% increase in reported ransomware infections.
Ransomware is a very serious threat to organisations, and it doesn’t discriminate. I'm sure you’ll remember the time the UK NHS was affected by WannaCry. We are also aware of a number of charities that have been affected. That said, we have been made aware of a few charities that were given the data back for no charge, so I guess some cyber criminals do have some morals!
The NCSC has observed an increase in attacks against the UK education sector and manufacturing facilities during the last year. They also report that the number of victims who pay the ransom has risen from 26% to 32%. With more people willing to pay the ransom, this will fuel the fire and we will likely see a continued rise in the ransomware space.
Protecting your ass(ets)
A robust cyber security and cyber resilience strategy should give you protection from ransomware. There are two ways in which to look at this. The first is protection and prevention, which is designed to prevent infections and to stop the payload being delivered. The second, and arguably the most important, is cyber resilience: in short, how do you recover from an incident and save your organisation from paying the ransom?
It is a good idea to have a well-structured approach to cyber security, which is built around people, process and technology. Educating staff around cyber security will pay significant dividends, as humans tend to be the primary target when looking to get access into an organisation. Staff that are cyber aware are much less likely to open spurious emails or click on phishing traps.
Processes are just as important. Knowing what to do in the event of an incident could well save precious time or prevent further damage. I would always advocate having a plan, and then dry running it at least annually. Most organisations run annual fire evacuation drills, and I would say these cyber incident drills would be equally important. One saves lives, one will save the business.
What about the technology?
There is a bewildering array of technologies out there, and it can be a minefield simply trying to understand which will be the correct fit. That is where SolutionsPT can help. We have a wide portfolio of products, partners and services which we believe to be best in class. We have selected these to be a complementary blend to each other, whilst also providing you with the widest array of protection and resilience.
Contact Us today to have a discussion around your cyber security strategy, and how we can help you strengthen and protect your organisation.