Ransomware attacks are becoming more prolific
Recently, well-publicized ransomware incidents have targeted entities across industries, from government organizations and school districts to privately held operations, hospital systems and financial institutions. While the threat of ransomware is nothing new, we are learning of alarming trends suggesting attacks are evolving to become more disruptive and payment demands more consequential than previously known. Ransomware is no longer simply a nuisance; attacks are rendering businesses inoperable, significantly eroding public confidence, and costing businesses millions to remediate.
Ransomware attacks typically begin with a targeted email message containing malicious software. Once introduced, the malware spreads throughout the network, encrypting documents or files and rendering them inaccessible until a ransom is paid by the victim.
In the past, these attacks normally targeted specific documents or files. Today, however, the attacks are creating havoc by infiltrating entire operating systems; deleting onsite backups; and exfiltrating sensitive data, with threat actors threatening to publish confidential information if their demands are not met. As these criminals become more emboldened, they are seeking larger ransom payments, now easily reaching seven figures.
In one recent incident, a bank was shut down for several days after numerous systems in its environment were attacked, including its core operating system, online banking platform, and telephones. The extortionists demanded a ransom in excess of $1,000,000.
The increasing frequency of attacks has garnered the attention of the U.S. Treasury’s Office of Foreign Assets Control. An advisory issued in early October 2020 provides some background on attacks, identifies several known malicious actors, and suggests a risk-based compliance program to mitigate exposure. The advisory also warns victims can be fined if they pay ransom to groups that are under economic sanctions. A similar advisory was issued by the Financial Crimes Enforcement Network.
Experts continue to suggest common-sense security measures are the best first step in protecting your institution. These recommendations include:
- Training employees to recognize suspicious emails and attachments
- Keeping antivirus and anti-malware software up to date
- Ongoing, regularly scheduled offsite (cloud based) backups that are not connected to the networks being backed up
- Refining incident response and business continuity plans to reflect today’s threat environment
There are emerging technology solutions available to help fortify your defenses against malware. A number of providers offer solutions that monitor entry points and network workflow to detect threats. The tools capture and analyze big data across many channels and use machine learning to continuously refine their algorithms to predict and prevent both novel and known variants of malware. The detection and response capabilities work in real time and are significantly more effective in thwarting threats from ransomware and other novel malware than off-the-shelf antivirus software.
As the frequency and severity of ransomware attacks continue to increase, it is critical that institutions evaluate the security measures they have in place and implement/update security measures to keep a step ahead of potential threats.