Cryptojacking is so 2019. Ransomware is reemerging as the top cybercrime of choice, with attacks expected to increase in 2020.
The pivot back to ransomware can largely be attributed to the attacker’s ability to contextualize the malware and weaponize it in targeted attacks. These enhanced capabilities are exacerbated by the ease of access through ransomware as a service, which enables script kiddies to launch formidable attacks.
As predicted in a blog I published back in 2016, ransomware campaigns are evolving to target specific organizations and leverage context to drive demands. As seen in the highly publicized ransomware attacks against various Texas government agencies, attackers are targeting organizations such as state and local government offices, healthcare facilities, financial services, and others.
Based on contextual knowledge of what data and assets they have encrypted, they use that information to make their demands context-sensitive. Hackers who encrypt basic corporate documents charge a lesser rate, but when they have county tax records or patient health records, the ransom goes up. A more recent attack targeted currency exchange company Travelex. The cyberattackers demanded a $3 million ransom while encrypting customer data and disrupting business operations.
Evolutions of ransomware have seen not just the encryption of information, but also exfiltration, presenting both business disruption and potential disclosure of PCI or PII data, or IP theft. Gaining in popularity, the Maze ransomware is growing its business of leaking parts of exfiltrated data, ultimately leading to full disclosure if a ransom isn’t paid.
Given these challenges, what can be done to protect against these attacks? Looking at the attack kill chain, we can identify potential points for disruption:
If all else fails…
With the ease and effectiveness of ransomware attacks, don’t expect attackers to abandon what works. Variants of ransomware number in the thousands, with modifications in the exploit, effect or lateral movement capabilities. Advancements in toolkits for ransomware now allow for drag-and-drop customization, with point-and-click delivery on a fully hosted cryptocurrency payment system. While these threats continue to evolve, the best defense is a look back to the foundation of security.
By Randy Watkins | CTO, CRITICALSTART
Featured in Forbes | February 11, 2020