Ransomware: The Next Wave

Triple Extortion, combining multiple types of attacks into one lethal cocktail, shows that cybercrime is on the offensive.

IT innovation means positive change but, as always, progress can be deployed to criminal ends. Certainly, cybercrime has not stood still over the past couple of years, exploiting the rise of work from home during the pandemic and rapidly expanding network edges with uneven cybersecurity policies in place to cover either of these eventualities.

Some sobering figures remind us that we cannot lower our guard: ransomware has increased by 435% between 2019 and 2020, with the average ransom payment rising by almost 50% in 2021. While payouts averaged $155k at the end of 2020, they had risen to $280K by May 2021. (source: www.blackfog.com) Over 60% of organisations say the time spent to identify attacks is the biggest barrier to fight ransomware attacks (source: Ponemon Institute, 2020).

Since 2019, cybercrime has shifted to targeting large organisations that deliver emergency and critical services, with an important role in society. Organisations at risk include both the public and private sector, paralysing essential infrastructure in government, manufacturing, finance, healthcare, education, energy and more.

In fact, ransomware has become other more sophisticated, organised and available to non-technical folks through a franchise model, where ransomware code is sold to facilitate attacks. Ransomware as-a-Service (RaaS), available on a subscription basis, helps the proliferation of ransomware attacks.

The latest evolution in ransomware consists of integrated attacks, combining file encryption, data theft and DDoS to triple the pressure and optimise extortion.

The combination of the three types of ransomware increases the likelihood of payment from the unsuspecting target.

  • File encryption is used to encrypt the target organisation’s valuable data, demanding payment to decrypt it;
  • Data theft consists in extracting data from the victim following up with a threat to expose it publicly unless payment is received;
  • DDoS attacks are initially demonstrated against selected elements of the target organisation, followed by an extortion demand for payment; they render the organisation’s network unavailable t its users, disrupting services until ransom is paid.

The industry and cybersecurity expert community are responding to the escalating situation and the Ransomware Task Force for example, a coalition of experts across industry and government organisations, has issued some useful guidelines to help prevent costly breaches:

  • Prevention: educate your users on cyber hygiene and deploy protection across your network and endpoints.
  • Cover the basics: back up your data, patch and update your PCs regularly.
  • Monitor threat continuously: continuous threat intelligence is essential to keep detection rate high, proactively scanning your network for signs of intrusion.
  • DDoS protection: deploy a hybrid, intelligent combination of cloud-based and on-premises mitigation.

A preventative and proactive approach to cybersecurity is of the essence, as testified by the  Ponemon Institute’s Cost of Data Breach Report 2020 that found that organisations take 280 days on average to detect and respond to an incident. However, those that can complete this process within 200 days save about $1 million (about £750,000).

For more information and advice on selecting and deploying effective cybersecurity solutions to protect your organisation please contact Nuvias NETSCOUT team [email protected].

Watch our latest security webinar on-demand – “Triple Extortion, Threat Intelligence and Tales of a Pandemic”