A digital epidemic is sweeping across the world at a record pace. Its name? Ransomware.
This year alone hackers cut off heating to homes across the US East Coast after hacking an oil pipeline, ending in a $4.4M ransom payment. Another group attempted to poison water systems in Florida. From smart factories to self-driving cars, we’re becoming more vulnerable than ever to security breaches as companies move towards AI and the cloud.
Cybersecurity experts predict that ransomware costs will reach $20B by the end of the year and balloon to $265B by 2031. As these cyberattacks become more frequent, businesses, institutions, and individuals are at risk. How can we keep our systems safe in the face of ever evolving cyberattacks?
With financial institutions having been one of the first targets hackers began attacking, banks have advanced security systems and teams that have been studying the evolution of cybersecurity threats over the years. We spoke with Lalit Bhakuni, Head of Global Cyber Intelligence Center at ABN AMRO, about how the cybersecurity threat is evolving in 2021, what businesses should do if they’re hit with a ransomware attack, and steps both businesses and individuals should take to stay safe.
The rise of Ransomware as a Service
Like other types of malware, ransomware attacks use a file or code to infect and steal data. But it goes a step further. Bhakuni tells The Next Web that ransomware is especially dangerous because of its immediate and long-term damage to a company’s security and reputation.
It’s double extortion. They’re not only encrypting your system, but they’re also extorting you because they’ve already taken your data and say, ‘If you don’t pay us, we’ll publicize everything.’
This can deliver a huge blow, not just financially, but also in terms of user or customer confidence.
The rise of digital connectivity and remote working during the Covid-19 pandemic has provided cybercriminals with many opportunities to attack vulnerable systems. It’s no coincidence that the recent spate of ransomware attacks has targeted large organizations with an extensive reach. According to Bhakuni, “Crime groups have been conducting small phishing campaigns targeting employees to get their credentials.”
These increasingly sophisticated attacks are the result of cybercriminals banding together as a larger group to target businesses and institutions. Bhakuni says, highlighting a recent cybercriminal trend, “They have transformed ransomware into a corporate style supply chain. We call this ‘ransomware as a service.’”
According to CBS News, groups like DarkSide (the hackers behind the Colonial Pipeline attack) are even providing what’s being called RaaS, ransomware as a service. These sophisticated cybercrime groups operate like a normal company, complete with marketing teams and customer service. They even have negotiators who can handle comms with the victims on behalf of their clients.
What to do if your company gets hit with a ransomware attack
So, in the worst-case scenario of a devastating ransomware attack, should you pay the ransom? The answer is a defiant “No,” from Bhakuni, who says paying cybercriminals could set a dangerous precedent for repeat attacks. He also warns against negotiating with attackers and says the best response is preventing an attack in the first place.
Any organisation has to consider that either today or tomorrow, they could be a victim.
Preparing for a ransomware attack is the best form of defense, according to cybersecurity experts. “Businesses need to prepare backup solutions and make sure that all these things are tested,” suggests Bhakuni. “They have to follow a standard operating protocol which should be built into their policies because the policies will [act as a] guide.”
Bhakuni says there are several ways to protect yourself from a potential ransomware attack as a computer user at home. Antivirus software is an excellent initial line of defence, alongside other measures. “If you have no other means, make sure that your personal and sensitive files are encrypted and password-protected, and not something like ‘my favorite password’ or ‘password123’ because those are easily crackable.”
Reducing the risk of data exposure is one way to prevent cyber attackers from grabbing your most valuable digital assets, according to Bhakuni. “These days, a lot of home users store their critical files or photos in a separate NAS storage.”
Why vigilance could save you from the next ransomware attack
With the growing threat of ransomware, businesses and individuals can’t afford to rest on their laurels. Being proactive rather than reactive is necessary in today’s climate. Understanding the magnitude of the threat is vital in the fight against cybercrime.
“One of our priorities is to understand our threat adversaries and to build a defence against it,” Bhakuni explains. “It’s exciting because we have more than 400+ people in our CISO department with the same objective. It’s a continuous learning approach. You have to continuously develop new tools, and continuously know who your adversary is and how they’re going to target you.”
Although cybercriminals are becoming more advanced in extorting victims, cybersecurity professionals are also innovating in their approach.
Technology is advancing on both sides, so it’s a cat and mouse game that we’re playing.
Bhakuni says technologies like machine learning will be helpful in the future fight against ransomware attacks. “I see it on a global scale, especially on a lot of products, but machine learning also has disadvantages because these criminals are also learning these things, and they will certainly find some sort of loopholes in that as well.”
Self-healing cybersecurity software, based on the human body’s immune system, is another new technology ABN AMRO, along with several other partners, have recently deployed to fight cybercrime.
Staying knowledgeable about new attacks and continuing to develop an understanding of the ransomware landscape is a necessity. Even when you think you’re covered, Bhakuni says it’s best to confirm and avoid any nasty surprises down the road.
Sometimes I see organisations claim, ‘Yes, we have the world’s best class security.’ But did you ever test that security? If not, who knows?
It comes down to using the tools that are available, staying alert, continuing to develop your strategy, and making sure you stay ahead of the cyber criminals. While the scale of the situation might be different in your circumstance, the same principles can still apply. Safety first – especially online.
Get the TNW newsletter
Get the most important tech news in your inbox each week.