Topic Hub – Ransomware

Introduction to Ransomware

Gain understanding of what ransomware is, how it works, the dangers it poses and how to safeguard against attacks that have proliferated and grown more damaging.


What is Ransomware?

Ransomware is a severe form of extortion malware where hackers encrypt or lock a victim’s files, demanding a ransom for their release. Typically driven by financial gain, these attacks are often executed by well-organized gangs, many based in former Soviet-bloc countries. However, some attacks aim to disrupt operations and erode trust, with perpetrators ranging from individual cybercriminals to nation-state actors.

While earlier predictions suggested that regular backups could nullify ransomware’s impact, attackers adapted, targeting larger and more lucrative entities like enterprises and critical infrastructure. They’ve also introduced double extortion, threatening to leak or sell stolen data if ransoms aren’t paid. High-profile incidents, such as the 2021 Colonial Pipeline attack, have underscored ransomware’s growing impact, causing significant economic disruption.

The ransomware ecosystem continues to evolve, with ransomware-as-a-service making it easier for anyone to launch attacks, solidifying its position as a persistent cybersecurity threat.


Ransomware in 2024: What CISOs must know

After a bruising year that saw major businesses extorted to the breaking point, CISOs are now bracing for…

Which Industries are Hardest Hit by Ransomware?

Financial

Although financial services companies have a reputation for some of the highest levels of cybersecurity maturity, ransomware gangs still successfully target them in significant numbers. This disruption can compromise sensitive customer data and halt critical operations, leading to potential financial losses and regulatory fines. Protecting assets and maintaining customer trust requires swift and effective response measures.

Ransomware targeting FinServ: What you need to know

Healthcare

Ransomware attacks on the medical industry are becoming all too common, with many cybersecurity experts calling recent attacks more sophisticated than ever. These disruptions can lead to life-and-death situations, severely impacting patient care. Ensuring robust cybersecurity is critical to protecting both sensitive data and the well-being of patients.

Operational Resilience in Healthcare – Marty Momdjian – BH24 #1

Industrial

Ransomware attacks against the industrial sector have surged, reaching 905 in 2023—a 50% increase over the previous year. These attacks can cripple production lines, disrupt supply chains, and cause significant financial losses. Strengthening cybersecurity measures is essential to safeguard operations and maintain industry stability.

Ransomware against healthcare and manufacturing on the rise: What to know, how to respond

What Are the Most Common Ransomware Attack Vectors?

Wily attackers have numerous ways to deliver ransomware to their targets, but three stand out:

  • Remote Desktop Protocol (RDP): Unsecured or insufficiently secured RDP is an attack vector used frequently by hackers – credentials on the Dark Web are plentiful and cheap.
  • Email Lures: Bad actors deliver ransomware through a malicious link or attachment included in an email, with the senders persuading the target through social engineering to click or download, which executes the malware.
  • Software Vulnerabilities: Attackers continue to exploit unpatched flaws in software, some of which have existed for months or even years. For example, the hackers that attacked Kaseya exploited known vulnerabilities.

Fighting Ransomware: Best Practices

While responses to ransomware attacks vary, depending on the circumstances and the threat posed, organizations hit by ransomware should take these basic steps:

  1. Isolate affected systems. This is critical to keep ransomware from spreading.
  2. Secure backups. Disconnect backup storage from the network.
  3. Disable maintenance tasks. Disabling will keep tasks like log rotation from interfering with files that investigators and forensics teams can use.
  4. Create backups of the infected systems. This helps prevent data loss, and may make it possible for organizations to decrypt non-essential files for free in the future.
  5. Quarantine the malware. This way, investigators can analyze and determine the ransomware strain in play.
  6. Identify and investigate the source of infection. It’s important to understand how attackers got in, and the actions they took.
  7. Identify the ransomware strain. How you remediate and whether you can decrypt for free depends on what strain was used.
  8. Mull your options. Consider whether to pay or not. Assess whether you need outside help.

Conclusion: The Future Belongs to Ransomware

As long as payouts remain lucrative and organizations continue to pay ransoms, attackers will develop new and more sophisticated techniques to spread their malicious payloads.

And as long as countries continue to harbor those threat actors behind ransomware, it will continue to spread. Law-enforcement takedowns of ransomware-related operations like Emotet (an initial-access trojan often used in ransomware attacks), Clop and DarkSide almost certainly will help.

But government must also up its role in combatting ransomware, pressing other countries to take a hard line against the cybercriminals hiding there and pushing for more stringent cyber-hygiene for businesses.

Defenders in private enterprise must also up their game against these attacks – adhering to better hygiene and best practices. And they must also stock their boards with security-savvy members who can help them make decisions around ransomware, with the best interests of the business in mind.
