While the world is emerging from the COVID crisis, another kind of pandemic is on the rise. Ransomware continues to hit companies and organizations of all shapes and sizes, with attacks growing ever more brazen and costly.
While there have been a number of high-profile attacks in recent months, the majority of ransomware attacks still target small and medium businesses. Many smaller companies can’t afford dedicated IT security staff, so everyone needs to be aware of new tactics used by hackers.
Backups Are No Longer Enough
As organizations struggle to beef up their digital defenses, hackers are also searching for new ways to extort as much money as possible. The first generation of ransomware tried to extort victims by encrypting their file systems and then demanding money in exchange for the key.
There’s an easy workaround to this, however. Having a backup means you can just restore your systems, deleting the malware in the process.
In response, hackers started to put in extra efforts to encrypt backups as well. By secretly monitoring a network for days, they could find out where backups were located and encrypt them, even on cloud hosting services.
Many companies have now adopted practices like keeping multiple air-gapped backups across different media. This makes it much more difficult for hackers to completely lock the files of their victims.
Leveraging Data Leaks for Extortion
Data leaks can come with devastating costs for victims. Failing to protect sensitive customer data undermines trust, and sometimes leads to fines and lawsuits. In the US, for example, the average data breach costs over $8 million. It’s easy to see why many organizations make the unenviable decision to pay off cyber criminals.
Data extortion has turned out to be so lucrative that some gangs are even trying to automate it. The Avaddon ransomware gang is one such case. Research suggests that they are attempting to monetize data leaks on a massive scale.
When they successfully infect an organization’s network, they download as much sensitive data as they possibly can. This data is then uploaded to their dark website, where a countdown begins. The victim has a few days to pay the ransom, or else all of the data will automatically be published.
At any given time, the details of multiple organizations are visible on their website.
Increasing Role of Distributed Denial-of-Service (DDoS) Attacks
To cope with increasing cyber defenses, ransomware hackers are also turning to DDoS attacks. DDoS attacks shut down a system by flooding it with traffic. There are several ways this can help attackers squeeze money out of their victims.
One is by threatening to disrupt their business. For example, imagine hackers manage to lock a company’s files. They also steal sensitive data. This is a smart company with good backup procedures, though. They restore their systems from backups and quickly get back online, minimizing downtime.
At this point, the hackers can threaten to publish the private data they stole. If this alone doesn’t convince the victim, they can also threaten to launch a DDoS attack and further disrupt business. In some cases, ransomware gangs will also threaten to attack a company’s clients or customers.
This means that network traffic may be monitored for unusual activity. A DDoS attack may be a minor threat, but it can distract IT security long enough for attackers to penetrate a network unnoticed.
Staying One Step Ahead of Attackers
There are a few ways to stay ahead of the new tactics used by hackers.
Conduct Regular Phishing Awareness Training. At the absolute minimum, have all employees attend a phishing awareness workshop once per year. This should inform them about the latest tricks used by hackers.
With ransomware on the rise, the old saying “An ounce of prevention is worth a pound of cure” is as relevant as ever. It may seem annoying to put in the extra work, but cybersecurity threats are continuously evolving, so your defenses need to evolve too.