By Parag Khurana
Ransomware was a major cybersecurity threat in 2022, causing widespread damage to individuals and organizations globally. For example, India has seen one of the biggest ransomware attacks when the servers of All India Institute of Medical Sciences (AIIMS) were targeted last year. Barracuda’s recent research finds the volume of ransomware threats that SOC team detected spiked between January and June 2022 to more than 1.2 million per month. This trend is expected to persist in 2023, where ransomware gangs will become smaller and smarter.
With the emergence of ransomware-as-a-service, cybercriminals have made it easier to execute attacks. At the same time, ransomware attacks are also fueled by cryptocurrency as research finds. Considering the rapid growth in the perceived value of cryptocurrency, attackers would demand payment in cryptocurrency such as Bitcoin. And more importantly, it is unregulated and difficult to trace. This can make it challenging for law enforcement agencies to track down the attackers or the funds received as ransom.
Over time, cybercriminals have introduced new techniques to their ransomware attack, including countdown timers, incrementally increasing ransom amounts, and alternative payment platforms. We see double extortion trend emerged in 2021, where attackers steal sensitive data from victims and demand payment in exchange for a promise to not publish or sell the data to other criminals. In 2023, with the ransomware-as-a-service business model taking off and ransomware gangs like LockBit 3.0, Conti, and Lapus$ are making news headlines, organizations will experience an increased frequency of ransomware attacks with new tactics.
Attackers have also expanded their targets to include larger operational systems, such as hospital networks and transportation service providers. Education (15%), municipalities (12%), healthcare (12%), infrastructure (8%), and financial (6%) are the dominant targets found by a cloud-first security solution provider. As more devices become connected to the internet, we can expect to see ransomware increasingly targeting beyond just computers and servers in the future.
While paying the ransom may unlock the files, it also puts the business at risk of future attacks. Additionally, the damage caused by ransomware extends beyond the cost of the ransom itself. A ransomware attack can disrupt a business’s revenue, productivity, and reputation, causing significant harm. This highlights the need for continued vigilance and improved cybersecurity measures to combat the growing threat of ransomware attacks.
Preventing ransomware requires a multi-layered security approach rather than a one-off solution. A comprehensive security program should be implemented to detect potential ransomware attacks, prevent the intrusion of malware, and enable quick recovery in the event of an attack that slips through the defenses. Here are a few tips to mitigate the risk of ransomware:
- Protect users from phishing attacks/ credential loss — Implement anti-phishing capabilities in email and other collaboration tools, and consistently train your users for email security awareness. Advise them never to click on links or open attachments in emails from suspicious senders.
- Implement network segmentation — Implementing robust network segmentation will help reduce the spread of ransomware if it does get into your system.
- Reinforce access control on backups — Back up critical data frequently. Ensure that all backed up data is also replicated to a secure cloud storage service and cloud credentials should be different than normal credentials.
- Enhance web application and API protection services — Protect your web applications against bad bots by enabling web application and API protection services, including distributed denial of service (DDoS) protection. A Zero Trust Access solution can also improve your endpoint security postures.
- Remove unused or unauthorized applications — Investigate any unauthorized software, particularly remote desktop or remote monitoring, which could be signs of compromise. Avoid installing any software that is not fully trusted, and limit software permissions to only those necessary.
The author is country manager, Barracuda Networks India