Ransomware...will it ever end?
Typically, Ransomware attacks are launched by a hacker using phishing attacks or via drive-by browsing or downloading. Ransomware attacks have become so lucrative for hackers that the temptation to launch the attack is well worth the risk. From the attacker's point of view, the ability to launch a successful Ransomware attack against a facility or person offers a huge payout, and the financial gain is well worth the effort.
In 2021, Ransomware statistics (obtained from studies conducted by several cybersecurity companies) show that an attack occurs every 11 seconds. Hackers are demanding huge payments from individuals and companies before they can regain access to their networks. Since April 2020, successful Ransomware attacks have cost companies between $50 - $73 million. Unfortunately, even if the ransom is paid, there's no guarantee the hacker will release control of the network back to its rightful owner.
As Ransomware attacks become more frequent, hackers are learning how to use these attacks to launch Zero-day attacks. Zero-day attacks focus on software within the organization where the developer knows that the version in use on the network is out of date or has several critical known vulnerabilities, yet has done nothing to patch the system. These vulnerabilities, known to the developer, can exist for months due to negligence or passive behavior.
Ransomware attacks will increase if developers or IT security departments are negligent with their patching processes. Previously, publicly disclosed vulnerabilities have affected products from Microsoft, Oracle, Red Hat, and many others.
What can an organization do to help prevent a successful Ransomware attack from occurring? The organization's staff must be fully educated on security awareness principles, such as how to recognize:
· A phishing attack on a targeted individual
· Cleverly disguised emails that look legitimate but have a URL embedded that, once clicked, will install cleverly disguised malware onto the user's machine.
· A hacker-designed URL that redirects the user to a malicious website
What else must companies do to prevent Ransomware attacks?
· Correct patching (focusing primarily on a specific version): the IT security department or developer ensures they're applying the most up-to-date version of the software to the network
· Comprehensive patching: the IT security team looks at the network holistically, identifies all outdated software, and formulates an all-encompassing plan to apply the patches ASAP
· Complete patching: all patches are applied regardless of what software is being used, and proper testing is conducted on that software so that no vulnerabilities are detected in it
After patching, then what?
Vulnerability scans, both for web-based applications and database servers, should be run at least every 48 hours. However, this can prove extremely expensive, and not all organizations have fully trained security personnel who can recognize the vulnerabilities, much less formulate and implement a plan to fix all known vulnerabilities.
When organizations are ill-equipped to handle these critical endeavors, it's in their best interest (depending on the importance of the data being protected) to outsource their work to a cyber-security consulting firm. This vendor must have the expertise to provide guidance and make recommendations to secure the organization's network properly.
Typically, when this happens, the contracting company will perform a gap analysis to review the business's current processes and the deficiencies in those processes, formulate a strategy that hopefully aligns with the company's budget, and provide a hand-to-hand walk-through. These measures are necessary to ensure the data the company is protecting is correctly safeguarded from the risk of expensive future hacks.
With Ransomware attacks increasing, it's imperative that the organization handles these situations with the utmost urgency. As Ransomware attacks' profitability rises (and it does, exponentially), so does the likelihood of an organization getting hit with one.