Successful ransomware attacks will continue to grow this year due to increasingly sophisticated tactics. This is according to research from Databarracks, which reveals that ransomware attacks on UK businesses have increased by 26 percent since 2018.
According to Peter Groucutt, managing director of Databarracks, new ransomware tactics deployed by criminals will result in more successful attacks on organizations in 2021:
“Ransomware is evolving. Cyber-criminals are deploying more sophisticated and innovative ways of extorting businesses and evidence shows this will escalate over the coming year. Outright prevention of ransomware is impossible, but it’s important organizations learn from the new methods used by criminals in order to defend themselves.”
Examples of the ransomware tactics now being deployed by criminals include:
- Double extortion attacks, where in addition to paralysing systems, criminals also threaten to release personal or sensitive data on the Internet or to the press. This adds the pressure of regulatory fines and reputational damage if organizations refuse to pay the ransom.
- Attackers are also waiting longer before encrypting data, to outlast backups. Cyber-criminals know that there is a much greater chance of payment if the victim doesn’t have a good backup to revert to. Because of this, attackers access systems and install ransomware but don’t execute immediately.
- To put pressure on victims, ransomware gangs now cold-call them directly if they suspect the company might try to restore from backups and avoid paying ransom demands. This is an intimidation tactic designed to make the attacker seem omniscient and make the victim feel like any suggestion of recovery is futile.
- Finally, ransomware is targeting backups directly. Without the ability to successfully restore systems, organizations are left with no option other than to pay the ransom.
On mitigating ransomware threats, Groucutt says: “More companies will pay ransom demands, as the sophistication of attacks increases. But paying a ransom does not guarantee you will get your data back. The only way to secure your data is to have reliable backups.”
Groucutt continues, “You must assume that you will suffer a successful attack. From that position, you have two objectives: to quickly detect and respond to limit its reach and to bring systems back online and have the business operational as quickly as possible. It’s critical your incident response team or crisis management team has the authority to make large-scale, operational decisions to take systems offline to limit the spread of infection. The business must then find when the ransomware installation occurred in order to restore clean data from before the infection. Once the most recent clean data is identified you can begin a typical recovery, restoring data and testing before bringing systems back online again.”
Groucutt concludes by saying, “This response is contingent on having good backups so it’s vital that they are protected. Firstly, there must be an air gap between your production systems and your backups to prevent ransomware infecting both. Backups should be outside the network domain and you should keep copies in multiple locations or even separate clouds. You can also make your cloud storage immutable to prevent backups being changed by ransomware.”
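
The delayed-execution tactic listed above and the step of finding when the installation occurred can be worked through as one check over a backup catalogue; the Python below is an added example, not code from Databarracks or the original article. The `Snapshot` type, the `find_restore_point` function, the file paths and the hashes are hypothetical and constructed. It assumes each backup records a per-file content hash and that the payload's hash is known from the investigation.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Snapshot:
    taken_at: datetime
    manifest: dict  # file path -> content hash recorded at backup time

def is_infected(snap, bad_hashes):
    """True if any file in the snapshot matches a known payload hash."""
    return any(h in bad_hashes for h in snap.manifest.values())

def find_restore_point(catalog, bad_hashes):
    """Return (restore_point, earliest_infected).

    The restore point is the newest snapshot taken BEFORE the earliest
    infected one. A later snapshot that merely looks clean is not trusted,
    because the payload may have been moved or swapped between backups.
    restore_point is None when the payload predates every retained
    snapshot, i.e. the attacker's wait outlasted backup retention.
    """
    ordered = sorted(catalog, key=lambda s: s.taken_at)
    for i, snap in enumerate(ordered):
        if is_infected(snap, bad_hashes):
            return (ordered[i - 1] if i > 0 else None), snap
    # No retained snapshot contains the payload: the newest one is usable.
    return (ordered[-1] if ordered else None), None

# Constructed sample data: hashes are placeholders, not real indicators.
BAD_HASHES = {"constructed-payload-hash"}
DOCS = {"/srv/share/report.docx": "constructed-doc-hash"}
DROPPED = {**DOCS, "/srv/share/updater.exe": "constructed-payload-hash"}
CATALOG = [
    Snapshot(datetime(2021, 1, 1), DOCS),
    Snapshot(datetime(2021, 1, 8), DOCS),
    Snapshot(datetime(2021, 1, 15), DROPPED),  # dormant payload first backed up
    Snapshot(datetime(2021, 1, 22), DOCS),     # looks clean, but post-intrusion
    Snapshot(datetime(2021, 1, 29), DROPPED),
]

if __name__ == "__main__":
    point, first_bad = find_restore_point(CATALOG, BAD_HASHES)
    print("restore from:", point.taken_at.date())
    print("installed between", point.taken_at.date(), "and", first_bad.taken_at.date())
    # Retention that keeps only the last three snapshots leaves nothing clean.
    print("short retention:", find_restore_point(CATALOG[2:], BAD_HASHES)[0])
```

A `None` restore point is the outcome the delayed-execution tactic aims for, which is why retention has to be longer than the time an intruder can plausibly stay dormant.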