- Security TWENTY
- Women in Security
Ransomware-as-a-service drives more cyberattacks, but you can safeguard your data, writes Neil Stobart, VP Global Systems Engineering, at the storage and data protection product company Cloudian.
Over the past few years, ransomware attacks have become one of the greatest cybersecurity threats to organisations across the globe. These attacks can entail large recovery costs and cause widespread disruption, as highlighted in a recent 2021 Ransomware Victims Report on a survey of 200 organisations that had experienced a ransomware attack. For the 55% that chose to pay the ransom, the average payment was $223,000, but these organisations also spent an average of $183,000 more for other costs resulting from the attack. In addition, a majority of all respondents said the attacks significantly impacted their financials, operations, employees, customers and reputation.
This disruption can be severe, as was seen recently when Coop Sweden closed over 400 of its supermarkets after being hit by a ‘colossal’ cyberattack that targeted a large software supplier the company uses indirectly.
In this article, we discuss some of the key drivers behind the rise in ransomware attacks and why it’s essential to move beyond traditional defensive measures to safeguard your data.
Ransomware has proliferated for a number of reasons, including the fact that organisations are increasingly dependent on their data and therefore willing to pay significant amounts of money to get it back when ransomed. In addition, the shift to more remote working and learning during the COVID pandemic has created security vulnerabilities that make it easier for ransomware to penetrate. However, perhaps the biggest driver of the ransomware surge has been ransomware-as-a-service (RaaS).
In the past, cybercriminals had to be sufficiently tech-savvy to develop malware and execute successful attacks. This required a background in software development to create ransomware and a solid understanding of security architectures to penetrate a victim’s defences. As ransomware attacks became increasingly lucrative, however, a black market for ransomware-as-a-service emerged. Like any legitimate technology offered “as a service,” RaaS makes a previously complex process simple and convenient, allowing anyone with the time and inclination to leverage it.
As a result, criminals with little or no IT background are now able to capture a major organisation’s most critical data. Recent statistics show that RaaS has helped fuel a significant boom in ransomware attacks: According to a recent cybersecurity study, nearly two thirds of ransomware attacks in 2020 were launched using RaaS.
RaaS schemes operate under an affiliate model: cybercriminals purchase or lease malware from seasoned developers with experience writing ransomware software. The cybercriminals then deliver that ransomware to organisations across the globe via email, plug-ins, infected software and Remote Desktop Protocols. When one of those organisations falls victim, losing control of their data and eventually paying a ransom, the cybercriminals send a portion of the profits back to the ransomware developer. They even manage and track the process as campaigns, just like normal sales or marketing efforts.
Despite RaaS driving increased ransomware attacks, many organisations continue to rely on the same traditional approaches to thwarting ransomware – perimeter security solutions such as firewalls and anti-malware software and other defences such as anti-phishing training for employees. However, these approaches are clearly failing, as can be seen in continuing headlines and confirmed by the ransomware victims report mentioned earlier.
In that report, 49 per cent of the ransomware victim organisations had some form of perimeter defences in place, and in the case of those penetrated by phishing, 65% had conducted anti-phishing training.
With RaaS making it easier than ever to launch an attack, ransomware becoming more sophisticated and traditional defences falling short, organisations need to assume that ransomware will get in and focus greater attention on being able to recover quickly without paying ransom. When it comes to data, the best way to ensure such recovery is by having an immutable backup copy.
With data immutability, once a backup data copy is written, it cannot be altered or erased, making it impossible for ransomware to encrypt that data. If a ransomware attack does occur, organisations can rapidly restore their data from the most recent backup through a normal recovery process. There’s no need to pay a ransom and minimal downtime.
Object Lock, a new feature that is supported by certain enterprise storage systems, provides data immutability as part of an automated backup workflow, with no manual intervention required. In addition, because Object Lock leverages the industry-standard S3 API, there are a variety of storage vendors, data protection software vendors and cloud providers that support it.
Like they did with RaaS, cybercriminals will continue to develop new ways to make ransomware easier to deploy and even more pernicious. The good news is that data immutability not only enables organisations to safeguard their data and avoid paying ransom but also, by doing so, helps break the cycle of ransomware payments funding additional attacks.