Over the past two decades, ransomware has grown from something many initially disregarded as a mere nuisance to one of the biggest threats to the continuity of governments and organizations. Over the past two years, it has hit many in our communities hard, and there is no clear sign of hackers and criminals stopping these types of attacks.
The two big drivers to ransomware’s success?
Valuable data stored under insecure conditions and the financial explosion of ransomware payments fueling new budding criminals eager to earn big bucks by hacking their way into your networks.
In many cases, ransomware payments have become inevitable, especially since many cyber insurance policies will only reimburse enough to cover the ransom payment (a cost that is minuscule compared to a complete ransomware recovery from backups or through brute-force decryption). Insurance companies are effectively forcing businesses to pay ransoms as a means of recovery, adding fuel to the fire of attacks hitting US businesses today.
As a business owner or CEO, while this may seem unpleasant and unfair (paying criminals for your own data), the reality is that this fire is already flooding the Dark Web with eager hackers ready to use the latest hacking tools to break into networks, detonate a ransomware virus and reap any rewards.
Most of these ransom payments today are large enough to feed their families comfortably for years (a typical demand in 2020 ranges in the tens to hundreds of thousands of dollars).
This flood of eager new hackers into the cybercrime community is not something a business security strategy can directly affect.
What is more interesting from a security standpoint for your business is how your organization stores its data and whether it is able to recover it. This is where you have direct impact on your business continuity in the event of an attack, and where you can assure stakeholders of your security stance when it comes to data breaches or ransomware attacks.
To prepare for attacks today, one of the strategies many cybersecurity experts recommend is to look at what tools and tactics hackers have been using in the past. In all likelihood, new types of attacks will be slight modifications of old techniques.
One clear example to look at is SamSam.
SamSam first appeared in late 2015, but it has featured in high-profile cases in the past couple of years. Remember when the city of Atlanta was shut down by an attack a couple of years back? That was SamSam. Remember when McKesson AllScripts had many providers fall victim to attacks? Also SamSam.
SamSam is a perfect example of where ransomware is headed. Instead of individual hackers looking for specific vulnerabilities in your network, SamSam was one of the early ransomware packages sold under a ransomware-as-a-service model.
That means that some very skilled software developers with an acute understanding of how the Windows operating system works devised code that they then sold to less talented hackers as a subscription service.
SamSam doesn’t indiscriminately look for a specific vulnerability (something that other ransomware viruses had been doing). Instead, it probes pre-selected targets for a variety of holes. Once inside the system, the attackers diligently work to escalate privileges on the network to ensure they will have significant reach across your network when they begin encrypting files.
SamSam attacks have led to damages in the millions of dollars in recovery efforts and data loss—one of the biggest and most impactful to date.
What to learn from SamSam? You have to be diligent about closing vulnerabilities in your network. As security analysts report new issues, don't doubt that some cybercriminal is evaluating each vulnerability, reverse-engineering it and figuring out whether it would make a good 'in' to your network.
While SamSam itself is no longer hitting networks, several others have built on SamSam's success to create newer and more sophisticated ransomware variants.
What can you do to prepare for ransomware attacks?
My advice is not necessarily new. While vulnerabilities change and messaging might change in how attackers are communicating with their victims in phishing attacks, the common advice remains the same.
Keep informed—if you as a business leader have no idea of what is going on in business cybersecurity (at the highest level), you might be keeping your head in the sand while the world around you is on fire. Keep informed on big issues—who is getting attacked?
How are criminals getting in? What are the implications of an attack? What have recovery efforts typically amounted to? Is your team addressing any vulnerabilities related to attacks in the news (likely an attack will strike more than one organization)?
Re-evaluate your threats regularly—as threats pop up (for instance, as Microsoft discloses new vulnerabilities or as new attacks surface within organizations), has your IT team evaluated your organization's stance on those issues? In all likelihood you will need some visibility on this.
Keep your tech team vigilant—has your team opened holes in your network? The majority of businesses have invisible holes in their networks that IT doesn't even know about. Security experts recommend verifying that your network is secure by performing a network security assessment.
Incorporate cybersecurity into your culture—as you and your team improve your personal cybersecurity and become aware of the dangers and opportunities around you, your organization will most definitely benefit from better hygiene and, in turn, a safer cyber environment to work in.
Not sure where to start?
Consider a network security assessment to identify your issues and prioritize how to get them addressed.