Ransomware has increasingly been a scourge on business networks for the last several years, and is often mentioned as the number one tech threat. As the ransomware “industry” progresses and becomes more sophisticated, companies are finding it more difficult to keep up with the evolving ransomware attacks.
Ransomware began as a threat primarily focused on wealthy individuals, but hackers have increasingly turned their attention to organizations. The amounts demanded are rising as well. The Sophos 2021 Threat Report shows that as of the time of the report, the average ransom payout was $233,817.30. Just 12 months ago, the average payout was $84,116.
“Because it’s focused on business, the volume of the ransom has gone through the roof,” says Chester Wisniewski, principal research scientist at Sophos. “I think that is what is misunderstood about the impact it’s having. We’re mostly hearing about the headlines with the million-dollar ransoms. What we’re not hearing about is the $100,000 and $150,000 ransoms that are happening much more frequently.”
Most small and medium sized business assume that something like this could not happen to them. But they are actually a primary and favorite target of these criminals. In fact, 28% of companies who reported a security incident within their organizations said it involved ransom payments. The changing nature of the ransomware attacks is behind their success for the hackers. Because a company can never fully anticipate what is coming next, they can’t prepare. Experts say that the innovation on the criminal side is driven by human intellect. This means fewer attacks at bot-generated, and are the actual product of real human beings – albeit not very nice ones.
Hackers and cyber-criminals are now getting personally involved in the process of developing and refining their techniques. They are getting better at avoiding detection by tried-and-true security strategies. Traditional mitigation techniques become less effective every day, because the new attacks are designed to slip past the normal red flags in the system. While a bot may “give up” if stopped in its tracks, a human can keep working on their approach until they successfully infiltrate the system.
“Humans are unpredictable,” says Wisniewski. “Not to mention humans are tenacious. If a hacker fails, they don’t do the same thing again. They try something different and by the second or third time, they’ll get past whatever defenses are there.”
Those cyber-attackers who utilize ransomware also have begun to specialize their skills. For instance, one criminal organization may specialize in breaking into someone’s system. That may be their only job, and they sell access to other cirminals who have a ready-made atttack, but don’t know how to get in.
“Those are the people who are buying victims and then installing the ransomware,” said Wisniewski. “They are affiliates of the people who actually write the malware. Their job is to install it and trigger the encryption and then intimidate the victim into paying.”
Once ransom is paid, another group is often brought in to launder the money collected from the victim and erase any trace of thsoe involved.
“You’re dealing with highly-specialized people who are really good at their jobs,” he said. “And because of that specialization, I think that’s one of the one of the primary reasons we’re seeing an increase in success against victim companies.”
Most companies have learned to prevent malicious code, but a contemporary strategy must focus on watching for malicious behaviors. To effectively defend against ransomware, companies must play the same game that the hackers are playing – and put human players in the game. “Threat hunting” and managed threat response will be the way to stop the new generation of ransomware attacks.
The good news is that many companies are rising to the challenge. A recent Sophos report on the human element of cybersecurity reported that 48% of respondents have already integrated human-driven threat hunting in their security protocols, and nearly half (48%) plan to implement it within the year.
Allocating personnel to threat hunting may not be feasible for your organization, which is where Alliance IT comes in. Our team of experts monitors your networks 24 x 7, and it is our job to stay on top of the latest threats and solutions. Call today to learn more about protecting your company against ransomware today.
