Ransomware continues to be one of the most disruptive forms of cyberattack. Victimized organizations not only suffer the loss of critical data but are hit with financial costs, lost confidence among customers and users, and damage to their brand and reputation. Further, organizations face a difficult decision of whether to pay the ransom or try another means to recover their data. In a blog post published on Tuesday, cyber threat intelligence provider Check Point Research discusses the surge in ransomware attacks and offers advice on how to battle them.
SEE: Special report: A winning strategy for cybersecurity (free PDF) (TechRepublic)
Over the past three months, the daily average number of ransomware attacks around the world jumped by 50% compared with the first half of 2020. In the United States alone, such attacks doubled over the same period of time, making the US the most targeted country for ransomware.
Other countries also affected by dramatic rises in ransomware included India, Sri Lanka, Russia, and Turkey.
The latest surge has been triggered by a few different factors, according to Check Point. The coronavirus pandemic and lockdown and the abrupt shift to a remote work environment opened the door to gaps and flaws in the security defenses for many organizations. Cybercriminals have been more than eager to exploit those vulnerabilities.
In some cases, victimized organizations would rather pay the ransom than deal with the time and effort involved in trying to recover the encrypted files. This has been especially true for hospitals and medical research firms that would prefer to pay the money than potentially risk the lives of patients through a loss of critical data. But the more these attacks succeed by grabbing the ransom, the more that attackers are encouraged to continue their onslaught.
Further, cybercriminals have increasingly been employing a novel strategy of double extortion. Beyond simply encrypting the sensitive data, the attackers threaten to reveal it publicly unless their ransom demands are met. Fearful of having the information exposed, the victims feel they have little choice but to pay the price.
Certain ransomware operations have also become more sophisticated in scope. As an example of one cunning tactic, the Emotet gang sells the information stolen from its victims to ransomware distributors, which makes such organizations even more susceptible to further attacks. In another example, The Ryuk gang has been tailoring its attacks at specific targets, most notably healthcare providers, at a rate of around 20 organizations per week.
What can and should organizations do to better combat ransomware attacks? Check Point offers the following advice:
Endpoint protections. Conventional signature-based antivirus protection is always an efficient solution for preventing known attacks and should be implemented in any organization as it protects against a majority of malware attacks.
Network protections. But advanced enterprise protections such as intrusion prevention systems (IPS), network antivirus, and network anti-bot are also crucial in preventing known attacks. Sandboxing has the capability to analyze new and unknown malware in real time. This technology scans for signs of malicious code, thereby blocking it and preventing the malware from infecting endpoints and spreading to other locations. As such, sandboxing is an important prevention mechanism that can protect against evasive or zero-day malware and defend against many types of unknown attacks against an organization.
Continuous data backups. Maintaining regular backups of data as a routine process is an important practice to prevent data loss and to be able to recover it in the event of corruption or hardware malfunction. Such backups can also help organizations recover from ransomware attacks.
Patching. Patching is a critical component in defending against ransomware attacks as cybercriminals will often look for the latest exploits described in released patches and then target systems that are not yet patched. Organizations should ensure that all systems have the latest patches as this reduces the number of potential vulnerabilities for an attacker to exploit.
Education. Training users on how to identify and avoid potential ransomware attacks is crucial. Many of the current cyberattacks start with a targeted email that does not even contain malware but rather a socially-engineered message that encourages the user to click on a malicious link. User education is often considered one of the most important defenses an organization can implement.