Ransomware tops the list of cybersecurity threats for 2020.
While there have been efforts to convince individuals, corporations and municipalities not to pay ransoms, the simple fact is that whenever one is paid, the attack becomes a success that encourages cyberthieves to try again.
Ransomware attacks increased 18 percent in 2019, up from an average 12 percent increase over the past five years, according to research from cyber risk insurance firm Chubb. It accounted for 40 percent of all manufacturers’ cyber claims, and for 23 percent of cyber claims for smaller businesses last year.
“Ransomware has not only continued to grow over the years, but it has also attracted more organized criminals who have begun targeting specific industries,” said Javvad Malik, security awareness advocate at KnowBe4.
That “has not only increased successful infections, but has also made criminals more brazen in the demands they’ve been making,” he told TechNewsWorld.
One irony of ransomware is that it remains among the easiest threats to control. Prevention would be effective if users would refrain from going to untrusted websites or from opening suspicious email attachments.
“Ransomware will continue to be an issue until such time that a preventative measure can be found or every user can be educated well enough to not open files from unknown sources,” said Tom Thomas, adjunct faculty member in Tulane University’s Online Master of Professional Studies in Cybersecurity Management program.
Ransomware is particularly nefarious because of its broad targets: individuals, businesses, government agencies and cities. The number of ransomware attacks increased in 2019 — but worse, 22 of those cyberattacks shut down city, county and even state government computer systems.
If it can’t be stopped, the next best option is to make it less profitable. As a result of the attacks on municipalities, more than 225 U.S. mayors last summer signed a resolution at the U.S. Conference of Mayors, pledging not to pay the hackers.
“Ransomware does not judge nor care if you are an individual, government or organization. It’s about greed — and let’s be honest, organizations have more money than individuals,” Thomas told TechNewsWorld.
“The mayors’ pledge is so much political maneuvering and sound bites. Their pledge means nothing to threat actors and criminals,” he added.
Those pledges are not the end of the story — they are just the beginning, said KnowBe4’s Malik.
“Like an animal that acquires the taste of human flesh after its first kill, the rise and success of ransomware has given cybercriminals the taste of data,” he remarked.
A pressing concern is what those criminals might do with the data.
“It will be common to see ransomware coupled with threats of data exposure as ransomware strains developers and expands on new methods to demand payment,” predicted Erich Kron, security awareness advocate at KnowBe4.
“We have seen these threats for years; however, data exposure has already happened late in 2019 and will become a common practice in 2020 for those who don’t pay,” he told TechNewsWorld.
A King’s Ransom
City leaders may have more leverage in deciding not to pay a ransom than businesses, many of which have succumbed. For some companies, ransomware payouts now are factored in as an added cost of doing business.
“From the perspective of a business owner of any size, ransomware is a frightening proposition. Imagine all of the endpoints in an organization failing in a few hours,” warned Jason Kent, hacker in residence at Cequence Security.
“Given that most organizations have difficulty doing the basics, knowing their assets, knowing if these assets are secured and patched, backing up data, etc. — the rise of ransomware in the next few years will be most likely a foregone conclusion,” he told TechNewsWorld.
“If we look at the organizations that have been hit with ransomware, the recovery process was painful and took huge amounts of effort to get back online,” Kent added. “If we are to make it through 2020 with our systems intact, we have to watch out for the ever-changing threat landscape.”
Although not new, the very sinister “wiper worms” threat, which first appeared as a new form of malware in spring of 2018, could be on the rise. Wiper worms, which can be very sophisticated programs, generally have three targets: files/data, the boot section of a computer’s operating system, and system and data backups.
“While not as common as ransomware, this type of malware is a major risk because of the devastating outcomes of such attacks,” said Yaron Kassner, CTO of security firm Silverfort.
One significant concern is that a wiper could be deployed on a network, and instead of merely locking out a user, it could function much like an even more insidious form of ransomware.
“I see wiper worms as one of the top cyberthreats for 2020,” Kassner told TechNewsWorld.
Those hit by such an infection may not even be able to rely on backups, which also are infected. If users restore data compromised by the worm, that doesn’t resolve the problem, as each restoration attempt only replicates the problem.
“Once attackers have a foothold, it’s easier for them to encrypt data for ransom than to exfiltrate data to sell on the dark Web,” noted Willy Leichter, vice president at Virsec.
“Cryptocurrencies now make it easy for criminals to monetize attacks anonymously,” he told TechNewsWorld. “Recent attacks have encrypted data and threatened to expose it publicly if the victim doesn’t pay up. While this is probably a bluff, it raises the perceived stakes for victims, increasing their desperation and willingness to pay.”
Recovering Efforts Lacking
Another troubling component of ransomware and wiperware is the effort required to recover from such an attack. Few businesses have a strategy in place should such an attack occur.
“Seventy-seven percent are confident or very confident, but only 21 percent have contingency plans in place, and less than half that — 11 percent — believed they could recover within three days of an attack,” he told TechNewsWorld.
“Organizations must take a clear-eyed, hard look at how unprepared they are for a denial-of-availability malware attack and reshuffle their priorities accordingly,” Beuby added. “Ransomware and other wiperware is unprecedented in its ability to lay waste to a corporate network without regard to physical location: NotPetya permanently encrypted 55,000 Maersk servers and other devices around the world in 7 minutes.”