What You Really Need to Know About Ransomware in 2023

Guest post by Richard Ford, CTO, Integrity360

Ransomware has become somewhat of a buzzword or catch-all term applied to cyberattacks. While not every attack or breach is a form of ransomware, the reality is that it’s one of the biggest threats to businesses in Ireland, regardless of size or industry. As well as an increased frequency of cyberattacks in general, ransomware remains on the rise.

In fact, Ransomware-as-a-Service (RaaS) – where criminals rent or buy tools, infrastructure and abilities – has become a trend, with LockBit, Conti and BlackCat coming to the fore. Their deployment has been significant but the growth in their use tells an even more revealing story. Along with the developing RaaS model, exploitation gangs are also pressuring victims into paying ransom by threatening to leak or sell personal information and taking advantage of things like widespread hybrid working and even the war in Ukraine to unleash attacks.

Moreover, according to the Verizon Threat Research Advisory Centre (VTRAC), these attempts are proving successful with ransomware threats accounting for 10% of all breaches, including numerous high-profile incidents targeting global brands. The fallout from successful ransomware attacks is varied too, from taking down websites to disrupting utility supply to extorting customers.

Equally worrying is that the volume of attacks will only increase with the emergence of new Artificial Intelligence (AI) technologies, like ChatGPT. As much as they can be used for good, such technologies can also be used nefariously. In addition, cybercriminals don’t need the same level of skill set to launch an attack as they used to because they can use AI to do the work for them.

Prevention is better than cure

It might sound obvious but prevention is vital for combatting ransomware attacks and should be what organisations aim for, rather than simply detection, which then requires a cure. This is because once an attacker gains access to an organisation’s data, there’s little it can do to protect that information from public disclosure other than pay the ransom. And even that has no guarantees.

While threat detection has rightfully become a huge focus for both companies and the wider security market, driven by the fear of Advanced Persistent Threat (APT) actors, preventative controls and basic cyber hygiene have repeatedly fallen by the wayside. This balance needs to be addressed by businesses through the implementation of a comprehensive strategy, from prevention and detection through to response, if they are to effectively safeguard their systems, people and data.

This means doubling down on effective cybersecurity management to highlight and close out cyber hygiene gaps, rectifying areas of misconfiguration, particularly cloud configuration, and utilising preventative controls built into existing security platforms. It also means being aware of fileless malware, deploying machine learning & behavioural-based threat prevention, and aligning with Endpoint Detection and Response (EDR) capabilities. For most, this should mean strengthening their cybersecurity position in line with their Zero Trust journey.

Be proactive, not reactive

In many attacks, cybercriminals use phishing emails to infect an endpoint with malware and gain a foothold into a company’s network. Therefore, educating employees on the types of threats – including how to detect, manage and report them – is an absolute necessity. Reinforcing this through regular security awareness training and phishing simulations will further help to reduce the risk of people inadvertently falling for malicious emails or opening an attachment that gives threat actors that initial foothold to begin their ransomware attack.

Of course, it can be difficult to manage cybersecurity with a lack of in-house resources or skills. Again, approaches need to change and organisations should take a long-term view, rather than just dealing with what’s right in front of them. People don’t need a PhD to work in cybersecurity; they can be cross-skilled and cross-trained. By equipping them with the knowledge now, companies can benefit in the future. In addition, automation can be utilised to support teams, enabling them to better manage workloads and focus on business-critical responsibilities.

As well as taking the time to optimise and enhance internal skillsets, organisations must take the time to modernise traditional approaches and strengthen their cybersecurity stance. By regularly assessing systems, businesses can be proactive in reducing gaps and limiting exposure. Having a clear oversight of infrastructure and data, along with who has access to it, is crucial.

You can’t protect against what you can’t see

With so many vectors being used and more levers to pull than ever before, attackers are constantly changing how they do things. So too should organisations, especially if they have been targeted or breached in the past. As Albert Einstein once said, insanity is doing the same thing over and over and expecting a different result.

However, one thing that should be a constant and should serve as the foundation of any cybersecurity strategy is visibility. After all, if you can’t see something, you can’t prevent or respond to it. A lack of visibility when it comes to users, systems, devices, and their activity, is a disaster waiting to happen.

Organisations, therefore, need to gain complete visibility of what their environment is exposed to, who’s operating within it and baseline what normal behaviour looks like. Through seeing and understanding everything that’s occurring within their infrastructure, underpinned by data points, they can be better informed in terms of how best to approach cybersecurity.

Ransomware isn’t going away anytime soon and it’s a threat that comes from multiple directions, including external ransomware groups and internal weaknesses. Similarly, organisations need to take a multifaceted approach to gaining visibility, preventing attacks, detecting breaches and educating people – keeping in mind that those people could themselves be exploited or be acting maliciously.

The evolution of cybersecurity risks presents a challenge for all organisations, but that doesn’t – or should we say it can’t – mean that companies should dig in their heels and continue with what they’re doing. Even if it has proven successful to date, failing to adapt and update solutions and strategies could prove costly and could provide an opportunity for ransomware to reign.