A comprehensive report by cyber security solutions vendor and consultants Check Point has provided a startling yet informative snapshot of the world of cyber security over the past year.
One of the key aspects of the report is on the rise, proliferation and devastating impact of ransomware attacks, with the report estimating that they have inflicted a cost of around $20 billion to businesses around the world during 2020 alone.
The report includes a detailed retelling of major cyber security threats, attacks and events during the year, as well as forecasts on what is expected to take place during the current year in the cybersecurity landscape.
It stressed that companies and organisations must not rest on their laurels in the event they have already deployed measures to detect any threats and then execute a plan of remediation. It is crucial that organisations also consciously adapt their planning so that it incorporates robust elements of threat prevention as well.
What exactly is ransomware?
While all forms of malicious software (malware) are unwanted for the potential harm they can cause to your devices, network, business and personal life, not all of them are designed in quite the same way nor are they created to behave in similar ways.
Indeed, even though malicious entities can proliferate viruses and other forms of malware to extract information that may be valuable to them at a later stage and perhaps pending some sort of modification (e.g. data analysis, information gathering to inform future decisions), other entities have a much more short-term and immediate objective in mind: extracting as much monetary value from their victims in as quick and efficient a manner as possible.
This is the purpose of ransomware, a very specific form of malware. Ransomware infects your device, predominantly computers since these are the devices most of us perform our most critical file-based work on, affecting its performance in some way and holding it hostage in exchange for a monetary reward. The majority of ransomware attacks involve the encryption of some or all locally-stored files and a message displayed to the user that their files will remain encrypted forever unless the attacker is paid a fixed sum of money by a predetermined deadline.
Ransomware attacks are far from a novel threat. The earliest incident of ransomware goes back all the way to 1989 when 20,000 floppy disks were disseminated at a World Health Organization conference. The floppy disks contained a Trojan virus which encrypted file names and hid file directories.
Ransomware has become much more commonly used in the past decade or so, boosted by the spread of RSA encryption in the mid to late 2000s. Specifically, 2013 is seen as a pivotal year in ransomware, since it was the year in which the first instance of CryptoLocker and its copycat software Locker were recorded. This, of course, coincided with the adoption of various cryptocurrencies, which is the preferred payment method for malicious entities since it facilitates anonymity when receiving the extorted funds.
While the majority of ransomware relies on spear phishing (using seemingly legitimate emails to spread malicious files) to target potential victims, the popularity of social media and its increased functionality has given hackers new means of infecting users and their devices. This was particularly evident in 2016, when an estimated 638 million ransomware attacks took place, driven by the creation and spread of Locky, a ransomware utilising malicious macros.
What are some types of ransomware attacks?
While some attributes are shared between ransomware attacks, they unfortunately come in a number of variants, each one with its own method of operation, characteristics and general behaviour. We have already discussed the threat of Crypto style ransomware, but let us delve into some other types of attack.
Locker ransomware: this type of attack actually kicks the user out of their own device and demands a fixed sum of money to provide them with the code necessary to regain access.
Scareware: Similar to spear phishing, scareware attacks involve the use of deliberately legitimate-looking design and wording to trick the user into willingly downloading and installing malware, often by frightening them with messages of them having already been infected and their application purportedly offering a solution.
Botnet attacks: Botnets utilise a large connection of devices, all of them connected to the internet, with each device running several bots, essentially creating a giant network of specifically-designed programmes, thus the moniker. Botnets can be used to facilitate distributed denial-of-service (DDoS) attacks, as well as to steal data from an organisation.
Enterprise ransomware: It stands to reason that a large number of ransomware are aimed at large organisations and other such enterprises for the simple reason that they can extract more money out of such companies. One way they do this is by threatening the organisation with a distributed denial-of-service (DDoS) attack, which would cripple the organisation’s website and online services, unless they pay an amount as ransom.
An additional way of enterprise ransomware involves the malicious actors having already extracted business-critical data or personal data submitted by the organisation’s clients and users and threatening to release this data to the dark web or to make it public unless a ransom is paid to the malicious entity making the threat.
An example of this took place in 2014 when a hacker group calling itself the Guardians of Peace managed to hack Sony Pictures. The group did not only release confidential data to the public, damaging the company in the public sphere, but it also deployed a type of malware called Shamoon wiper to completely erase Sony Pictures’ entire IT infrastructure.
But how widespread are ransomware attacks?
The Check Point report makes for some unpleasant reading:
100,000 malicious websites are designed to spread malware and attack users and organisations.
10,000 malicious files aim to extract data or cause some form of disruption on a daily basis.
44 per cent of organisations have had at least a single internal user employed by the organisation download a malicious mobile application which posed a risk to their data and infrastructure.
In the third quarter of 2020, almost half of all ransomware attacks involved the threat of disclosing maliciously extracted data, while the average ransom fee demanded by the malicious actors was $233,817, representing a 30 per cent rise over the average fee in the second quarter of 2020.
Banks face a serious threat by a type of Botnet-style malware called Emotet, which has now also evolved to attack other large organisations.
“The rate of cloud migrations and deployments has raced ahead of security teams’ abilities to defend them against attacks and breaches,” said Check Point’s Head of Cloud Product Line Tsion Gonen.
“Over 80 per cent of organisations say their traditional security solutions either don’t work at all, or only provide limited functions in cloud environments – creating a great opportunity for threat actors targeting the cloud,” he added.
“To close these security gaps, enterprises need to get holistic visibility across all their public cloud environment and deploy unified, automated cloud-native protections. This way, they can keep pace with business demands while ensuring continuous security and compliance,” Gonen concluded.