Targeted Ransomware Attacks on the Rise

At the end of February, security experts at RSA 2020, a leading cybersecurity conference, warned that an increase in targeted ransomware is likely. These concerns echo a statement released by the FBI in October that ransomware attacks are becoming “more targeted, sophisticated, and costly.”

Ransomware is a form of cyber-attack that hackers use to encrypt information on victims’ systems then demand a ransom before giving the victim back access to their files. In the past, these attacks were aimed primarily at individual consumers. However, in the past 2 years ransomware attacks have dramatically shifted focus toward businesses and institutions, including government agencies. According to a report by Malwarebytes, there was a 263% increase in ransomware targeting organizations in the second quarter of 2019.

Easy Money

So what exactly has led to the increase in ransomware attacks against businesses? Well, while there are a number of factors contributing to this trend, the main answer is money. According to the Malwarebytes report, attackers found that focusing on businesses provides a larger and more consistent return on investment. Not only do hackers expect businesses to have more money than indyuvial consumers, the loss of data can prove more harmful and costly for organizations than a single person. This gives businesses a larger incentive to pay up. What’s more, ProPublica has written a series of articles detailing how insurance companies and other firms offering ransomware solutions often opt to simply pay the ransom rather than work to unlock encrypted files by other means. Hackers are therefore becoming more and more confident their victims will cough up the money.

However, ransomware attackers are also learning they don’t even need the ransom to make money off their attacks. Ransomware-as-a-service (RaaS) is a growing business model on the dark web, where groups will build and sell ransomware kits to those without the technical know-how to carry out an attack on their own. RaaS has therefore made ransomware a more accessible method of attack, contributing to the rise in attacks we have seen in the past few years.

Protect and Prepare

Given the dramatic rise in ransomware attacks against organizations, every business needs to invest time and energy in protecting against and preparing for the possibility of a ransomware attack.

Protecting yourself from a ransomware attack largely involves getting back to the basics of cybersecurity. Upgrading and patching outdated operating systems and software regularly, using anti-virus and malware protection, and restricting access privileges only to those who need them will all help to decrease the risk of an attack. Regular penetration test and vulnerability scans will show the areas in your systems that need the most protection. Routinely backing up your systems and information and testing those backups is also essential. If a ransomware attacks locks up your files, having a recent backup of your information could be one way to ensure access without paying a ransom.

However, even if you take every possible preventative measure, you can’t just assume you won’t be targeted. Given the dramatic increase in ransomware attacks, it is essential to also plan your response if something ever happens. Incident response teams should therefore understand the response plan and simulate ransomware attacks to ensure preparedness and find ways to strengthen your response should the worst happen.

The Hole in the Firewall Gang

In our mythology of the American past, towns were terrorized by roving gangs who would rob one town then head to the next.  Welcome to 2019.  New technology.  Old tricks.

Recently, we wrote about a rising trend in ransomware attacks targeting local governments. Since then, news broke that 22 towns in Texas have become the latest victim of these attacks. Investigations are still underway, so information on the exactly causes has yet to be released to the public. However, according to NPR, a mayor of one affected town said the attackers are asking for $2.5 million to unlock government files.  

What sets this apart from the recent onslaught of ransomware news is the highly coordinated nature of these attacks. Texas officials believe the attack to be caused by “one single threat actor,” targeting specific agencies rather than entire government systems.  

Texas governor Greg Abbot classified the attack as a Level 2 Escalated Response — the second-highest level of alert in the state’s emergency response system — indicating that the scope of the incident is beyond what local responders can manageCybersecurity experts from the F.B.I., the Federal Management Agency, and the Teas Military have all been called in to respond.  

One pattern many have noticed is the relatively small size of the towns attacked. Of the 22 towns affected, four of them have a total of 31,000 residents. In many cases, small governments have underfunded IT departments, making it difficult to maintain effective cybersecurity practices. Frequently, ransomware attacks are will target systems based on opportunity. Instead of wasting the effort of cracking systems with strong security systems, attackers will go after those with easy access. Local government’s like those these Texas towns are therefore prime targets for these types of attacks.  

News of thattacks not only show that government ransomware attacks are on the rise, but also an increase in the level of sophisticationIn an article in the New York Times, Allan Liska, the author of a recently report on government ransomware attackssaid that if this turns out to be a new phase — because bad guys love to copycat each other — we’re going to see a continued acceleration of these kinds of attacks.” 

If this news teaches us anything, it’s that public and private business should not waitbut put it place processes now to prevent being the next victim of a ransomware attack. All organizations should make sure that they are testing their backups regularlypatching their systems, and engaging their staff in cyber awareness training.

And rustle up a posse.  Because they are coming.