Ransomware isn’t something that should be taken lightly. Modern “multi-ransomware attacks” are still the most dangerous online threat facing companies. With the emergence of new encryption methods and the spread of various new cryptocurrencies, ransomware attacks have once again shot up and have become a lucrative business model.
Today, companies of all shapes and sizes are constantly faced with the threat of ransomware attacks. Using tried-and-tested methods such as phishing emails or malware, these now highly professional perpetrators can either gain access to a network themselves or buy this kind of access via the “initial access broker” market.
The objective of ransomware perpetrators is to earn money. They use a multi-level approach (double extortion), which involves stealing the data first before encrypting it. If the victim doesn’t want to pay for decryption, they dial up the pressure by threatening to make the data public. A sample might then be published on the Dark Web. Or worse still, the victim might have already coughed up the money for the decryption key and now be asked for even more to prevent their data from being published. Triple extortion typically involves the addition of DDoS attacks aimed at putting the threatened company under even more pressure.
Ransomware is now offered as a service (“Ransomware-as-a-Service”), meaning it is now relatively easy for a criminally motivated perpetrator to launch an attack without possessing any specific expertise themselves.
The National Cyber Security Center (NCSC) in Switzerland strongly advises affected companies against paying any ransom. Firstly, even if you do pay up, there is no guarantee that the data won’t continue to be circulated or that you’ll actually receive a decryption key for the encrypted data. Secondly, by giving in and paying the ransom figure, you are supporting the business model and the continued development of criminal activities.
No end in sight
In the official report for the first half of 2021, 94 cases were reported to the National Cyber Security Center. The figure is three times higher than last year and is just the tip of the iceberg, with the number of unreported cases believed to be much higher. Switzerland in particular has become a popular target because perpetrators know that Swiss companies are solvent. Meanwhile, extortion amounts in the region of 4% to 5% of company revenues are negotiated. Despite official advice not to give in to ransom demands, more than 30% of companies end up paying out.
The attack on the Colonial Pipeline Company garnered international attention when the company suspended the operation of its pipelines for transporting oil and gas after its administrative IT systems fell victim to an infection caused by “Darkside69” ransomware in May 2021.
The CEO later explained in front of a Senate committee that the company had been forced to pay a ransom of USD 5 million. This was exactly one day after the cybercriminals had hacked the IT network and paralyzed fuel supplies.
Productivity goes out the window once companies no longer have access to their business-critical data. This also affects SME customers, manufacturing companies and craft enterprises. You need to calculate the costs of no longer being able to manufacture goods or fulfill pending orders as well as having to manage inactive employees and deal with customers who can no longer be served. It’s still difficult to estimate the financial losses caused by potential reputational damage following a cyberattack.
What’s the best way to protect yourself?
The attacks come in different forms and target different areas of IT infrastructure. While email remains the most common entry point for ransomware, vulnerabilities in servers and devices continue to be exploited, making active patch management (maintenance) just as important as organizational measures with corresponding access and authorization concepts. Continuous employee training also plays a vital role in raising awareness of the risks and protecting against cyberattacks.
The solution is: protection, detection and response
On the technical side, gateway security solutions such as firewalls, spam filters (email protection) and web filters are available for preventing intrusion. However, due to the increasingly sophisticated nature of attacks, traditional perimeter security solutions are no longer sufficient. The use of XDR solutions (extended detection and response) based on artificial intelligence (AI) is becoming more widespread as a permanent security monitoring system. These technologies enable security-relevant data to be correlated and analyzed in real time so that companies can react to a threat quickly and effectively.
What about your backup and recovery planning?
A correct backup is often the final safeguard to help protect a company against paralysis, and is the only way to restore the data without having to pay a ransom. To stop companies from restoring their data, attackers also try to find and encrypt the backup systems. A comprehensive backup and disaster recovery concept is therefore the only solution for protecting critical data against ransomware and other complex threats. To this end, modern analysis tools monitor the backup data and identify suspicious activities, thereby guaranteeing the restoration of intact data records.
Can you insure yourself against cyber risks?
Cyber risk insurance consists of combined packages and offers such as financial protection for third-party claims and demands relating to cyber risks and financial losses resulting from third-party deception (cyber crime social engineering).
Cyber risk insurance may also cover losses in revenue suffered by the policyholder (interruption of business) and any services required in the event of a loss (emergency costs, forensic services, crisis management).
But be careful – many insurance companies have tightened up their policy conditions and formulated specific cybersecurity requirements, leaving companies with no other option but to take out a pretty comprehensive policy. These requirements include transparency over digital assets, a strong password policy, use of multi-factor authentication (MFA), employee awareness measures and patch management, and a solid backup strategy including recovery planning.
Who is ultimately responsible for protecting against ransomware?
In a corporate risk analysis, cyber threats are one of a variety of dangers that companies need to consider. Management is always responsible for assessing specific effects and possible implications and conducting a risk assessment. These tasks cannot be delegated further.
For a holistic overview, we recommend implementing an information security management system (ISMS). This type of system defines the policies (guidelines), concepts and processes to ensure information security throughout the entire company. Companies have to be capable of reacting quickly and effectively to cyberattacks. The most important keywords here are: business continuity (resilience), emergency planning and disaster recovery processes.
We’re happy to advise
Today, it is vital to have a competent partner by your side. We’ll put you in touch with the right experts and will be happy to support you with innovative security solutions and services from our cyber defense framework (NOP).
Interested? If you have any questions, please contact:
Senior Business Development Manager