The digital threat known as ransomware has become a headache for boardrooms. Once a niche cyberthreat, these malicious criminal schemes now cripple businesses large and small, encrypting vital data and demanding hefty ransoms to recover it. Tech leaders warn of an AI-driven future, where attackers will create ever more devious encryption tools. Yet amid the digital chaos, some optimism persists — provided companies properly shore up their cyber defenses.
The ability of businesses to weather the storm ultimately depends on whether they understand the dangers it poses and, more importantly, whether they know how to take practical steps to protect their digital assets from ransomware.
Senior Technical Manager at ExtraHop.
Recognizing the ransomware epidemic
The once-marginal ransomware threat has morphed into a sophisticated multi-billion-dollar criminal enterprise, surpassing $1 billion by 2023. What began as a tactic employed by opportunistic hackers has evolved into a global extortion ring, with organized groups of cybercriminals employing advanced encryption techniques and psychological manipulation tactics to cripple businesses and institutions.
This escalating threat landscape poses a significant challenge for modern corporations and demands a recalibration of cybersecurity strategies to address the changing tactics of the digital shadows.
Understanding the rise of RaaS
Ransomware-as-a-Service (RaaS) has become a game-changer in the cybercrime landscape. This insidious business model allows anyone, regardless of technical expertise, to become a ransomware attacker.
Imagine a “Deliveroo for malware.” Developers create and maintain the malicious software, while affiliates simply rent access and use the tools to launch attacks. RaaS marketplaces offer a one-stop shop for budding cybercriminals, offering everything from customer support to malware updates. This low barrier to entry has fueled a rise in ransomware attacks.
One of the most high-profile cases of RaaS in history was seen with the DarkSide attack on Colonial Pipeline in 2021. The attack left hundreds of Americans facing gas and supply shortages after Colonial Pipeline, the owner of a pipeline system that transported fuel from Texas to the Southeast, suffered a ransomware attack on its computer systems. Colonial Pipeline ended up paying a staggering $4.4 million in ransom, leaving the company scrambling to restore operations.
Learn from the LockBit case
The rise of ransomware is exemplified by LockBit, a particularly virulent strain that rose to prominence in 2019 and accounted for nearly half of all ransomware attacks in 2022. This malware employs a “double extortion” tactic, encrypting vital data and threatening to leak it online if ransom demands are not met.
Operating as a ransomware-as-a-service (RaaS) system, LockBit enabled a network of criminals to target a wide range of victims, from corporations to critical infrastructure providers. LockBit’s operators went so far as to offer a $1 million reward to security researchers and ethical or unethical hackers who could improve the security of their software. Their ruthless efficiency and adaptability have highlighted the growing dangers posed by ransomware.
LockBit’s success is a clear wake-up call for the cyber industry. Traditionally focused on perimeter defenses, the industry must adapt to this new reality of aggressive and adaptable attackers. This requires a multifaceted approach.
On the one hand, cybersecurity companies need to develop more sophisticated detection and prevention tools to stay ahead. On the other hand, a cultural shift is required that prioritizes employee training and incident response planning. Ultimately, the cyber industry’s ability to mitigate the rising tide of ransomware will depend on its ability to innovate and foster a more proactive security posture.
Prevent employees from welcoming bad actors
For many companies, the digital perimeter resembles a dilapidated Cold War watchtower, poorly maintained and understaffed. Legacy systems, riddled with unaddressed vulnerabilities, offer easy access to attackers.
Authentication protocols, which are often weak, offer easy entry points for stolen credentials. Perhaps more worrying is the human factor. Untrained employees remain vulnerable to phishing scams, unwittingly downloading ransomware with a single click. These shortcomings paint a bleak picture for many businesses.
Despite this, there is a solution. Companies can solidify their employees’ knowledge of cybersecurity by implementing regular training that combines basic awareness topics with job-specific best practices. This training should be engaging and frequently updated to reflect the ever-evolving threat landscape. Leaders can cultivate a culture of security by acting as role models and encouraging open communication about cyber risks. Regular reminders and testing can also solidify employees’ understanding and ensure they maintain crucial cybersecurity practices.
Accelerating advocacy awareness for action
A key solution to protect businesses against ransomware attacks is network detection and response (NDR). NDR systems are the digital equivalent of a well-trained watchdog. These monitoring tools continuously scan network traffic and detect anomalies that could indicate a ransomware attack in progress.
Unlike its canine counterpart, NDR operates with millisecond accuracy and identifies suspicious activity, such as unusual data exfiltration or unauthorized access attempts, in real time. This rapid detection allows security teams to act quickly and potentially eliminate the ransomware threat before it can encrypt a company’s data.
NDR systems can also recognize the telltale signs of ransomware encryption, allowing infected devices to be quickly isolated and thus preventing the infection from spreading throughout the network. In the growing war against ransomware, NDR stands as a crucial line of defense, offering a multi-layered approach: identifying suspicious activity, facilitating a rapid response, and containing the threat before it can wreak havoc.
Making RaaS an outmoded threat
The future of ransomware may be bleak for businesses that are of interest to hackers, as the spectre of AI-powered attacks looms. However, this doesn’t necessarily mean giving up. By recognising the threat, prioritising cybersecurity investments and fostering a culture of security awareness within organisations, businesses can strengthen their digital defences.
This article was produced as part of TechRadarPro's Expert Insights channel, where we showcase the best and brightest minds in the tech industry today. The views expressed here are those of the author, and not necessarily those of TechRadarPro or Future plc.