By Chester Wisniewski, Principal Threat Researcher at Sophos
As businesses become increasingly connected, it is becoming almost inevitable that they will encounter cybersecurity threats such as ransomware – an insidious form of malware that holds systems and files hostage until financial bounties are paid. In 2021, one in four organisations in Singapore reported a ransomware attack, costing on average millions of dollars to remediate. Every year these attacks become more prevalent and sophisticated, and businesses need to build their defenses to keep them at bay.
According to a 2022 Threat Report by global cybersecurity leader Sophos, criminal organisations are joining forces to conduct coordinated assaults on companies. Together, they are using seemingly benign methods such as phishing, insecure configurations, and the exploitation of unfixed bugs to gain initial access to victims’ systems.
Going forward, there will increasingly be a social aspect to these attacks. Criminals are teaming up, learning from each other, and borrowing from peers’ playbooks. Not only are more threat actors bringing ransomware within the reach of attackers who were previously less skilled or less well funded; strategically, there has also been a shift in their approach to ransomware activities, from encryption to extortion.
In other words, before blocking access to your files, criminals are also working to steal as much information as possible to see what other types of leverage they can apply. According to Sophos, there are 10 types of pressure tactics commonly wielded against ransomware victims today, including threats like publicly releasing sensitive data or exposing unwanted information to the press. These points of rising concern are only expected to grow in scope and intensity in 2022 and beyond.
Of course, such attacks take considerable effort to manage and execute. Even though firms with at least $100 million in annual revenue are often hackers’ preferred targets, small and mid-sized companies are also at risk. So while many ransomware attacks may start with an initial access broker (who actively breaks into systems), that sort of threat actor is generally just the tip of the iceberg. Taking a cue from traditional organised crime networks, forward-thinking ransomware groups will often outsource tasks such as finding victims, installing malware, and laundering ill-gotten proceeds (often delivered in the form of cryptocurrency) to other miscreants.
Thankfully, this activity leaves digital trails of breadcrumbs that well-trained IT security pros and artificial-intelligence-powered tools can trace. Sophos offers solution-based services that can provide comprehensive, around-the-clock protection, including Rapid Response, which offers specialists who can contain and neutralise active cyberthreats; Extended Detection and Response (XDR), which contextualises and analyses environmental data; and Managed Threat Response, which automatically sniffs out and counteracts digital dangers.
At Sophos, we’re making it simpler to stay on top of, sift through, and pounce on potential challenges. If your company wants to stay cybersecure, it is important to conduct regular penetration testing, scan for malware, and anticipate and address potential points of network failure before they occur. It is also critical to keep an eye on and investigate even seemingly innocuous alerts that may pop up.
Mounting a successful response against high-tech hazards at enterprise scale does not just require businesses to stay well-attuned to what is happening across their apps, systems, and networks at every turn. It also requires businesses to use smart technologies to gain deeper visibility and insight into IT operations and identify patterns indicative of potential breaches and intrusions.
It is more crucial than ever to protect businesses against ransomware adversaries, and Sophos can help businesses build solid digital defenses to keep attackers at bay.