By one widely cited industry estimate, an organization falls victim to a ransomware attack every 11 seconds. One quick news search for “Ransomware Attack” will show how prevalent these attacks have become. From schools and hospitals to critical infrastructure, such as the Colonial Pipeline attack, ransomware is among the most disruptive and damaging attacks in the cyber arena today.
An attacker needs to compromise only one insecure component of your IT systems, and from there can encrypt and hold for ransom the very data you use to conduct business. Now more than ever, with cyberattacks on the rise, it is essential that your business is always prepared. Remember, it isn’t a question of if you will be a victim; it’s when.
Ransomware attacks continue to rise at an alarming rate. Some criminal groups operate with the tolerance or direct backing of nation-state actors. The sophistication of these attacks will keep increasing, and ransom demands keep climbing alongside the growth of online business.
It is important to note that not every cyber threat actor is motivated by financial gain. Even when the attackers are, consider that the ransom demand may simply be too high, or that your company or a third party acting on your behalf cannot pay it. And even if you were able to pay, there is no guarantee that what you are paying for (a working decryption key, or the deletion of stolen data) will actually be delivered or that systems will be fully restored.
Did you know that if you, or another party acting for you, pays the ransom, you may be facing fines of up to $20 million?
Ransomware: Pay or Pray?
According to the U.S. Treasury’s Office of Foreign Assets Control (OFAC), facilitating a ransom payment to a sanctioned person or entity may violate U.S. sanctions law, and companies may be penalized for it. In its companion advisory, the Financial Crimes Enforcement Network (FinCEN) warned that facilitators can be held liable even if neither they nor the victim knew that the attackers demanding the ransom were subject to U.S. sanctions; sanctions violations are enforced on a strict-liability basis. This makes incident handling much tougher and makes ransomware prevention (i.e., proactive assessments and continuous monitoring to avoid impacts in the first place) even more important. By designating particular cybercriminals and cybercrime groups, the Treasury Department blocks their property and interests in property, making it unlawful for U.S. persons to transact with them.
Sanctioned cybercriminals and groups closely tied to ransomware and malware attacks across virtually every industry include, but are not limited to:
- The North Korean Lazarus Group and its sub-groups Bluenoroff and Andariel. Lazarus Group was created by the North Korean government as early as 2007 and was involved in the WannaCry 2.0 ransomware attack in 2017, which infected approximately 300,000 computers in at least 150 countries. Lazarus Group, Bluenoroff, and Andariel are controlled by the Reconnaissance General Bureau (RGB), North Korea’s primary intelligence bureau, which manages the state’s clandestine operations.
- Ali Khorashadizadeh and Mohammad Ghorbaniyan, Iranians who helped exchange the bitcoin ransom payments collected in the SamSam ransomware attacks.
- Evgeniy Mikhailovich Bogachev, the developer of Cryptolocker, on whom the FBI has placed a $3 million reward.
- Evil Corp, a Russian cybercriminal organization, and its associates, who used malware to extract more than $100 million from victim businesses. A $5 million reward has been offered for information leading to the arrest and/or conviction of a Russian man involved in this ring.
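The practical check this list implies is a sanctions screen of the payment destination and every counterparty before anyone facilitates a payment. The following is an added example, not code from the original page or from Withum. It assumes the column layout of OFAC’s legacy sdn.csv (ent_num, SDN_Name, SDN_Type, Program, Title, Call_Sign, Vess_type, Tonnage, GRT, Vess_flag, Vess_owner, Remarks, with empty fields written as “-0- ”) and that listed digital currency addresses appear in Remarks as “Digital Currency Address - <TICKER> <address>”. The rows in SAMPLE_SDN_CSV, the names, the addresses and the program tag are constructed for the example; they are not real SDN entries.

```python
"""Pre-payment sanctions screening against an OFAC SDN-style CSV.

Added example; not code from the original page.  Assumes the legacy sdn.csv
layout described in the lead-in.  Every entry below is constructed.
"""
import csv
import io
import re
from dataclasses import dataclass

# Constructed rows in sdn.csv layout (assumption about the layout; fake data).
SAMPLE_SDN_CSV = (
    '10001,"EXAMPLE ACTOR, ONE",individual,CYBER2,-0- ,-0- ,-0- ,-0- ,-0- ,-0- ,-0- ,'
    '"DOB 01 Jan 1980; Digital Currency Address - XBT 1ExampleAddrAAAAAAAAAAAAAAAAAAAAA; '
    'alt. Digital Currency Address - XBT 3ExampleAddrBBBBBBBBBBBBBBBBBBBBB"\n'
    '10002,"EXAMPLE CRIME GROUP",-0- ,CYBER2,-0- ,-0- ,-0- ,-0- ,-0- ,-0- ,-0- ,'
    '"Digital Currency Address - ETH 0xexampleethaddress000000000000000000000000"\n'
)

# One listed address per match: ticker (XBT, ETH, ...) and the address itself.
ADDRESS_RE = re.compile(r"Digital Currency Address - ([A-Z0-9]+) ([A-Za-z0-9]+)")


@dataclass(frozen=True)
class Hit:
    ent_num: str
    name: str
    program: str
    reason: str


def normalize_name(name: str) -> str:
    """Uppercase, drop punctuation, collapse whitespace for exact-name matching."""
    return " ".join(re.sub(r"[^A-Z0-9 ]", " ", name.upper()).split())


def load_sdn(text: str):
    """Index an sdn.csv-style file by listed wallet address and by normalized name."""
    by_address, by_name = {}, {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 12:          # skip blank or malformed rows
            continue
        ent_num, name, program, remarks = row[0], row[1], row[3], row[11]
        by_name[normalize_name(name)] = (ent_num, name, program)
        for ticker, addr in ADDRESS_RE.findall(remarks):
            by_address[addr] = (ent_num, name, program, ticker)
    return by_address, by_name


def screen_payment(sdn, address: str, counterparties=()):
    """Return every SDN hit for the destination wallet and the named counterparties.

    Wallet addresses are compared exactly (Bitcoin addresses are case-sensitive);
    names are compared after normalization.  An empty list means no hit in this
    data, not that the payment is lawful (see the usage note).
    """
    by_address, by_name = sdn
    hits = []
    addr = address.strip()
    if addr in by_address:
        ent, name, prog, ticker = by_address[addr]
        hits.append(Hit(ent, name, prog, f"wallet address listed ({ticker})"))
    for who in counterparties:
        key = normalize_name(who)
        if key in by_name:
            ent, name, prog = by_name[key]
            hits.append(Hit(ent, name, prog, f"name matches SDN entry: {who!r}"))
    return hits


if __name__ == "__main__":
    sdn = load_sdn(SAMPLE_SDN_CSV)
    for hit in screen_payment(sdn, "1ExampleAddrAAAAAAAAAAAAAAAAAAAAA", ["Some Negotiator LLC"]):
        print(f"BLOCK: {hit.name} [{hit.program}, ent {hit.ent_num}]: {hit.reason}")
```

A clean result from this screen is necessary but not sufficient. OFAC’s advisory treats a payment as risky when the ransomware itself is attributed to a designated actor, whether or not the wallet in the demand is on the list, and exact-name matching misses aliases and transliterations (OFAC publishes those separately). Treat the screen as one input to a decision that also involves counsel and law enforcement, not as a green light.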
Effective Mitigation of Cyber Impacts like Ransomware
Trust, but verify! The threat actors noted above typically gain their initial foothold through phishing, and through exposed or poorly secured remote access and other backdoors into the network. To strengthen ransomware prevention, consider adopting multifactor authentication, a zero trust architecture, and an appropriate security control framework.
Is cybersecurity expensive? Not necessarily; it scales to the organization, but like everything in life, there is a cost. Organizations that have been hit often go on a shopping spree, buying all kinds of security appliances and devices. Buying sprees do not equal better security; they only guarantee increased spend, and in many cases wasteful spend.
Ensure proper oversight, as a ‘check and balance’ on your IT staff, processes, technology and infrastructure, through threat emulation penetration testing. Threat emulation penetration testing combined with a Virtual Chief Information Security Officer security gap analysis will allow your organization to make well-informed decisions.
During threat emulation exercises, authorized, credentialed testers attempt to break into your environment the way a real attacker would. Additional ransomware prevention measures include, but are not limited to, implementing a bug bounty program, conducting incident response exercises, and ensuring 24/7/365 monitoring of the IT environment.
If your business does not have a Chief Information Security Officer (CISO) / Chief Security Officer (CSO), that is usually a red flag. Consider filling this gap with a qualified virtual CISO / CSO. Outsourcing this important role is affordable (including for small-to-medium-sized enterprises) and has several advantages over a full-time position: higher qualifications and experience for the spend, cost savings over a full-time employee, help aligning and defining your security strategy, a significant reduction in cyber risk, and less groupthink and wasteful spend, among others.
Contact Us
If you are missing any of the above and want to know whether your business is prepared for a cyber attack, contact Withum’s Cyber and Information Security Services Team.