Ransomware is the biggest cybersecurity threat we face today, potentially affecting any industry and sector severely, and the attacks are not going away anytime soon. It continues to be one of the most crucial cybersecurity issues as cyber criminals breach networks and encrypt files and servers, demanding a ransom, often thousands or millions of dollars in Bitcoin, for the decryption key. Victims have no choice but to either pay the ransom to regain access to their encrypted network and restore their data or pray the decryption key is available for free online.
This year, ransomware variants have doubled as cyber criminals take advantage of increased extortion attacks. No sector is safe from these attacks, as cyber criminals continue targeting hospitals, infrastructure, and other sectors. According to the Fortinet report, its researchers witnessed 10,666 ransomware variants over the last six months, up from 5,400 in 2021. That is almost 2x growth in ransomware variants in half a year.
As per the report, one of the main reasons is the rise of ransomware-as-a-service (RaaS) sold and spread on the dark web. AvosLocker is one famous example of RaaS that was first spotted in July 2021. It let cyber criminals customize and target the malware as they saw fit, making it hard for businesses to address. These subscription services are designed to let amateur cyber criminals get hands-on with ransomware, as many come with support and how-to guides from the author. Ransomware authors often take a share of the profits generated from ransom demands, and some ransomware attacks become more successful and dangerous than others.
Conti, a RaaS group that has been around since 2020, is a successful example reported by the researchers. It used various methods, such as spearphishing campaigns with customized emails containing malicious attachments or links, to gain access to the victim's network. Conti actors were also known for exploiting remote monitoring and management software to avoid detection. Researchers at Fortinet suggest the threat actor shut down its last two remaining Onion Router (Tor) servers. However, Conti is expected to continue its operations as a spin-off group. The Fortinet report warned that ransomware, exploitation, and attacks on the supply chain would continue to prevail because of their disruptive and notorious nature.
Cyber criminals will continue to evolve their methods and develop new variants, and will never let an opportunity pass. Someone is always trying to cause harm, whether through an exploit, a vulnerability, or theft. Ransomware continues to dominate because, as victims, we feel we have no choice but to agree to the attackers' demands, something cybersecurity agencies have warned against. But organizations can take steps to prepare themselves to respond to such threats.
Ransomware attacks often result from hackers finding their way into the network through unpatched vulnerabilities; hence, applying the necessary security updates as soon as they are available can close off those entry points into a network.
Organizations should also make regular backups of their files and servers so that, in the event of a successful ransomware attack, they can restore the network without paying the criminals.
Cyber criminals are also exploiting the increased adoption of cloud services owing to the rise of remote and hybrid working. If they can steal usernames and passwords, they can access the network by disguising themselves as legitimate users.
Organizations and businesses should therefore also provide users with multi-factor authentication (MFA), which can help prevent attackers from benefiting from stolen passwords.