Cybersecurity experts estimate that there is a ransomware attack every 11 seconds. This makes it a challenge to individuals, businesses and even governments.
In ransomware attacks, cybercriminals encrypt a victim’s network or data, making it inaccessible until a ransom is paid. Despite organizations’ efforts to reduce the attacks, cybercriminals also are advancing their attack methods. For instance, an organization may have backups they can use to restore their systems, but the criminals also demand ransom not to publish the sensitive company information they have in their possession.
Ransomware is not a new cybersecurity threat. It is traced back to 1989 when the first ransomware was released through floppy disks and required a victim to send money to a post office box in Panama. As technology now has advanced to allow for always-on connectivity, the prevalence of ransomwares has grown tremendously. The use of bitcoin and other cryptocurrencies as payment make it more complicated as they are difficult to trace. These attacks such as the WannaCry, CryptoLocker, etc. have resulted in billions in losses through infrastructure and business outages and millions of dollars being paid to the attackers.
Ransomware has grown so much that organized gangs are offering cybercriminals services for hire. This is made more intricate by the availability of ransomware-as-a-service (RaaS) to provide infrastructure to other cybercriminals to escalate their attacks.
Ransomware has become such a global threat that in a joint advisory made up of CISA, FBI, NSA and International Partners, has called for every government, business and individual to be aware of this threat and take necessary action to avoid becoming victims.
President Joe Biden also continuously issues warnings to business leaders to strengthen their companies’ cyber defenses. The risks of cybersecurity are expected to increase with the ongoing invasion of Ukraine by Russia.
On the other hand, there are efforts to reduce the threat scale by various groups. One such group is the Cyber Threat Intelligence League (CTI-League), made up of cybersecurity experts from different countries. They have helped take down malicious websites, detect vulnerabilities, collect and analyze different phishing messages, and assist law enforcement organizations in creating safer cyberspace.
Protecting Against Ransomware
Before a ransomware attack is fulfilled, there are detectable activities that can aid in mitigating an attack. In any case, the attackers target specific user behavior, unchanged default security configurations and common technology vulnerability. This means that ransomware attacks can be avoided. Some ways to keep safe from ransomware include:
The CISA, FBI, NSA and International Partners joint advisory discourages paying ransom to cybercriminals and recommends following the CISA ransom response checklist, and reporting to cybersecurity authorities such as the FBI, CISA or the U.S. Secret Service. System administrators should also follow incident response best practices that can aid in handling malicious activity.