Of the many threats that industry spanning worldwide organizations face and continue to be on the uprise, the most common and intractable is Ransomware.
Whilst many organizations are adapting improvements to better combat and recover from attacks, ransomware threat actors are also adjusting their attack models also. By September 2020, 1 in every 4 attacks that are remedied have been caused by this one threat since their large explosion of activity in June 2020, with September 2020 seeing a third of attacks.
Corporations have sustained heavy attacks in 2020 with increasing ransom demands from attacks that blend ransomware with data theft and extortion and there is a hefty increase with some demands over $40m. Schools and universities have found themselves prime targets this year with the advent of virtual classes and hybrid environments.
How can ransomware be identified and what can companies do to fight this online attack on their operations and security? What can be done better in how to protect data online?
Looking into data from the second quarter of 2020, IBM Security X-Force observed a general shift in attacks via ransomware. The hardest industry to be hit was the manufacturing sector equalling a quarter of incidents so far reported over the year. Professional services fell into the second highest targeted sector with 17% of targeted attacks. The government sector ranked third with 13% of overall attacks.
Attacks on these three sectors in particular highlight that ransomware threat actors are circling around sectors with lower downtimes, such as the case with our manufacturing networks. Industries that require the highest uptime stand to lose millions with each day their business operations are ground to a halt, indicating that they may be the prime candidates to pay a hefty ransom to resume operations and protect data.
As mentioned, academic institutions have seen a larger increase of attacks in May and June of 2020 with universities paying large ransoms in the US up to $1m to ensure the safe return of faculty, student and research information, with further institutions attacked in August and September.
If your business or institution has come under fire from ransomware, there are precautions that can be put into effect to avoid paying a hefty ransom. In certain cases where ransomware has attacked, malware reverse engineers have been quick to create custom decryptors to restore encrypted files. Whilst this is an exception to the rule, it underscores the importance of having a variety of options in place other than submission of millions.
Paying a ransom will always encourage an attacker to return and promote their business model for others, whilst giving other cybercriminals knowledge that your business is a paying victim. In order to mitigate risk and minimize damage, businesses can establish and maintain offline backups to make sure files are safely stored away from availability from the attacker.
Also implementing a strategy to prevent unauthorised data breaches that applies to the large uploaded data to cloud storage platforms. By looking into behavior analytics, companies can identify any potential security breach once triggered, allowing them to audit, monitor and act on any attack immediately.
All remote access points can employ multi factor authentication into an enterprise network and secure and disable remote desktop protocol access, which allows ransomware to exploit weakness in order to gain entry. Penetration testing can also identify weak points in networks and highlight where needs patching.
For more information, join the discussions with Whitehall Media and check out our upcoming events for all the latest data breach news and preventions.