Ransomware picture

Neil Stobart, VP of Global System Engineering at the cloud data management company Cloudian, offers five ways the ransomware picture has changed since the 2017 case of WannaCry.

This May marks five years since the WannaCry ransomware attacks stunned the world and showed how ruthless cyber criminals can be – with vital services heavily impacted. The attacks, which quickly spread across continents, demonstrated vulnerabilities that could easily be exploited. In the UK, the WannaCry attacks shook the entire IT landscape and highlighted that nobody was safe. The NHS was a high-profile victim, with hospitals and GP surgeries across England and Scotland disrupted.

Five years later, ransomware has become an ever-present threat to businesses, public institutions and other organisations. So, what’s changed in that time? There are several factors that have driven the proliferation of ransomware attacks, but there is also greater awareness of ways to minimise the impact.

1. Ransomware is now more sophisticated

Just like in the WannaCry days, phishing and malicious links are still some of the most common delivery methods for ransomware. However, in the intervening years, phishing attacks have become increasingly sophisticated, with cyber criminals taking more personalised approaches to make emails and web pages seem legitimate. As a result, despite anti-phishing training for employees now being a standard and necessary practice, it’s far from foolproof. Research carried out by Cloudian in 2021 found that almost two-thirds (65 per cent) of respondents who reported phishing as the entry point for a successful ransomware attack had previously conducted anti-phishing training.

Similarly, ransomware itself has grown more sophisticated, which means other traditional defences such as threat detection, antivirus software and firewalls are no longer enough to keep it out.

2. Ransomware-as-a-service has emerged

Thanks to the emergence of ransomware-as-a-service, it’s now easier than ever to deploy a ransomware attack. Highly skilled hacking groups now routinely sell this service on the dark web, an unregulated and untraceable platform, which makes it very difficult to shut down such operations. Tools that provide the capability to carry out an attack can be bought by anyone and deployed in minutes – without any technical knowledge. As a result, the quantity of ransomware attacks facing businesses has soared, as more criminals enter this lucrative line of work.

3. The popularity of crypto has skyrocketed

Cryptocurrencies have become much more popular and valuable over the last five years. In addition, there are now many more legitimate uses for cryptocurrency. As such, it’s now easier than ever for cyber criminals to anonymously collect and launder ransoms paid in digital currency. In fact, a recent report found that criminals laundered $8.6bn (£6.4bn) of cryptocurrency in 2021, up by 30% from the previous year. Thanks largely to the rise of cryptocurrency, the vast majority of perpetrators of ransomware attacks are never caught. This not only leaves them free to reoffend but also encourages more people to commit these “low risk” crimes.

4. The threat of data leaks is more common

Previously, the chief goal of ransomware was to “lock” victims’ data and disrupt their business operations. Cyber criminals would then demand a ransom, threatening to delete data if victims didn’t pay up. Now it’s also common for cyber criminals to threaten organisations with an embarrassing data leak – which can seriously impact public trust and competitiveness, as well as result in regulatory penalties.

5. Increased focus on ensuring quick recovery

As traditional defences have increasingly fallen short in keeping ransomware out, more and more organisations are recognising the need to focus greater attention on being able to quickly recover from an attack, ideally without having to pay ransom. The best way to do so is by having an immutable data backup copy. Data immutability ensures that once data has been written, it can’t be changed or deleted until a specified time period has elapsed. This prevents cyber criminals from encrypting the data and enables ransomware victims to restore the unencrypted backup and resume operations, without paying ransom.

Data immutability is based on WORM (write once, read many) technology, which has been around for years. However, whereas this technology was difficult to implement in the past, it can now be easily deployed and run automatically as part of a standard backup process. In addition to recognising the importance of data immutability, organisations are increasingly realising that they must encrypt sensitive data in flight and at rest to counter the threat of ransomware-based data leaks. Encryption prevents cyber criminals from reading or making data public in any intelligible form.
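The retention behaviour described in this section, as an added illustration that is not from the article or from any vendor's product: an in-memory Python model in which a backup cannot be overwritten or deleted until its retention period has elapsed. The class and function names, and the rule that retention can be extended but never shortened, are assumptions made for the example.

```python
import time

class RetentionError(Exception):
    """Raised when a write or delete would violate an active retention period."""

class WormStore:
    """Hypothetical in-memory model of write-once, read-many storage."""

    def __init__(self, clock=time.time):
        self._clock = clock      # injectable so time can be advanced in tests
        self._objects = {}       # key -> (data, retain_until timestamp)

    def _locked(self, key):
        entry = self._objects.get(key)
        return entry is not None and self._clock() < entry[1]

    def put(self, key, data, retain_seconds):
        if self._locked(key):
            raise RetentionError(f"{key}: overwrite refused, retention active")
        self._objects[key] = (bytes(data), self._clock() + retain_seconds)

    def delete(self, key):
        if self._locked(key):
            raise RetentionError(f"{key}: delete refused, retention active")
        self._objects.pop(key, None)

    def extend(self, key, retain_until):
        # Assumed rule: the lock may be lengthened but never shortened.
        data, current = self._objects[key]
        if retain_until < current:
            raise RetentionError(f"{key}: retention cannot be shortened")
        self._objects[key] = (data, retain_until)

    def get(self, key):
        return self._objects[key][0]

def simulate_attack(store, key, ciphertext):
    """Attempt to replace and remove a backup; return the operations refused."""
    blocked = []
    for name, op in (("overwrite", lambda: store.put(key, ciphertext, 0)),
                     ("delete", lambda: store.delete(key))):
        try:
            op()
        except RetentionError:
            blocked.append(name)
    return blocked
```

While the retention window is open, both operations are refused and `get` still returns the original bytes, which is the copy a victim restores from.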

What’s next?

Ransomware isn’t going away anytime soon, and some experts are predicting that its total cost to victims will rise to an eye-watering $265 billion annually by 2031.

Looking forward, it’s likely that cyber criminals will add new attack vectors to their already impressive arsenal. According to Mick Cooper, Managing Director at iSYSTEMS – an organisation with years of experience helping companies defend against and recover from attacks – we’re likely to see an increase in the physical delivery of ransomware. For instance, international cyber gangs might send local counterparts into premises where IT equipment is present and feed in ransomware that can lie undetected until activation. This is just one of many developments we might see. All in all, it’s clear that ransomware has evolved significantly and will continue to do so. That makes it imperative that businesses not only remain vigilant in protecting against ransomware but also ensure they have a robust recovery plan featuring data immutability and encryption in place.

More from Neil Stobart on the Cloudian blog.

