Cyber crime is a big business—and with a predicted attack rate of once every 11 seconds, ransomware has become the biggest cyber threat to organizations. Whether it is a supplier or vendor the cybercriminals are after or the organization itself, ransomware attackers are now in search of the weaker links in a supply chain.
Ransomware events tripled in 2020 compared to the previous year, and the resulting cost is estimated to reach $20 billion this year. Not only are attacks multiplying in frequency; attackers are also raising the stakes by threatening to publicly release stolen data if victims do not pay the ransom.
The evolving business of ransomware
Rather than the many independent threat actors that existed in the early 2000s, today’s hackers collaborate as a business. Each group brings its own range of skills, which they combine to close the gaps in the ransomware ‘kill chain’. One community may specialize in reconnaissance, while another handles social engineering, phishing or even money laundering.
Combined, these individual skills and areas of expertise produce far more sophisticated attacks. This new approach, modeled on the Software-as-a-Service (SaaS) paradigm and known today as Ransomware as a Service (RaaS), raises the stakes for victims. In this model, no company is exempt from becoming a target.
In the past, attackers used mass spam campaigns to trick users into clicking links or attachments. If a user clicked, the device was encrypted, and the attackers could then reach other connected systems in a ripple effect. In the last few years, however, ransomware groups have made the move to ‘big hunts’.
During these strategic attacks, cybercriminals exploit vulnerable external-facing servers, unsecured remote access solutions or an undetected banking trojan. The next step is gaining elevated privileges through post-exploitation tools and encrypting whatever data they can reach, which disrupts business operations.
For more on the evolution of ransomware, check out our webinar, ‘Reinventing the Ransomware Playbook’.
Preparation is the key to ransomware protection
In response to the recent surge in attacks, the Institute for Security and Technology (IST) Ransomware Task Force (RTF) has developed a robust plan to tackle the global ransomware epidemic. The framework is dedicated to ensuring organizations are equipped to prepare and respond, and lists actions that have the potential to reduce the harm from ransomware attacks globally.
While we’re all too familiar with how daunting transformations in cybersecurity can be, the RTF highlighted five priority recommendations among the 48 it made to government entities:
- Work together to address ransomware
- Implement an intelligence-based anti-ransomware campaign
- Set up response and recovery funds
- Develop a universal framework for preparedness and response
- Closely regulate the cryptocurrency sector
The best offense is a strong line of defense
Although ransomware attack vectors have shifted slightly over the years, certain controls can alert you to threats before they become irreversible. There are many indicators, beyond phishing, that a ransomware attack is likely to occur, including publicly visible critical ports, weak email security, company size and/or industry, and more.
One of the most important things to consider when it comes to cyber attacks is third-party involvement. As we saw with Quanta earlier this year, actors try to hit companies through the weaker links in their supply chain. Therefore, ransomware risk should always be incorporated into third-party due diligence and third-party risk management efforts.
By combining these common indicators with data and machine learning, Black Kite helps uncover how susceptible any organization within a business ecosystem is to ransomware. With the Ransomware Susceptibility Index™, risk assessors can stay ahead of the ransomware game by understanding which vendors are most prone to ransomware, and then develop an effective course of action to remediate issues.