The risk of being held to ransom: The dominance of ransomware threats
As we move into 2022, most security professionals agree with the prediction that ransomware will be the most significant security threat.
Indeed, many leading security professionals now advocate that ransomware should be prioritised at the same level as counter-terrorism.
The dominance of ransomware has been accelerated by the COVID-19 pandemic. The security weaknesses that come with remote working, combined with scammers' ability to dupe an easily alarmed and confused public, create the perfect conditions for criminals to execute ransomware attacks and extort large sums of money from their victims.
A rapidly developing 'extortion economy' is emerging, with attackers demanding a double ransom: one payment for the decryption key that restores the data they have encrypted, and a second payment to stop the copy they exfiltrated beforehand from being leaked or sold on. Paying the first ransom does nothing about the second, which is why the stolen copy, not the encryption, is the lever.
A recent trend report from Group IB analysing cyber-criminal activity has revealed a 935% increase in the number of ‘double-extortion’ ransomware attacks compared to the same period in 2020.
Typically, ransomware is delivered via a successful phishing attack. Phishing is when attackers attempt to trick users into doing 'the wrong thing', such as clicking a link that downloads malware or that leads to a malicious website.
Phishing can be conducted by text message, social media or phone, but the term 'phishing' is mainly used to describe attacks that arrive by email. Phishing emails can reach millions of users directly, and hide amongst the huge number of benign emails that busy users receive. Attacks can install malware (such as ransomware), sabotage systems, or steal intellectual property and money.
Phishing emails can hit an organisation of any size and type. An organisation might get caught up in a mass campaign (where the attacker is just looking to harvest some new passwords or make some easy money), or the email could be the first step in a targeted attack against your company, where the aim is something much more specific, such as the theft of sensitive data. In a targeted campaign, the attacker may use information about your employees or company to make their messages even more persuasive and realistic. This is usually referred to as spear phishing.
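The lures described above (an impersonating sender, a link whose visible text differs from its real target, an urgent subject line) can be checked mechanically before a user is asked to judge them. The following script is an added example for this article, not code from the original page or from the NCSC; the sample messages, the trusted domain `example-corp.com`, the homoglyph substitutions and the urgency word list are all constructed assumptions for illustration, and the domain logic is deliberately simple (last two labels, no public-suffix list).

```python
"""Triage a phishing-style email for common lures.

Added example, not from the original article. The messages, the trusted
domain and the word list are constructed for illustration.
"""
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: impersonating display name, lookalike sender domain
# ("examp1e" with a digit one), and a link whose visible text is not its target.
SAMPLE_EML = """\
From: "Jane Doe (Finance)" <jane.doe@examp1e-corp.com>
To: bob@example-corp.com
Subject: URGENT: approve supplier payment before 5pm
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Bob, please approve this invoice today.</p>
<p><a href="http://login.example-corp.com.evil.test/invoice">https://portal.example-corp.com/invoices/4431</a></p>
</body></html>
"""

# Constructed benign message from the same organisation, for comparison.
BENIGN_EML = """\
From: "Jane Doe" <jane.doe@example-corp.com>
To: bob@example-corp.com
Subject: Minutes from Monday's meeting
Content-Type: text/html; charset="utf-8"

<html><body><p>Notes are on <a href="https://portal.example-corp.com/minutes/12">the portal</a>.</p></body></html>
"""

TRUSTED_DOMAINS = {"example-corp.com"}  # assumption: the recipient's own domain(s)
URGENCY_WORDS = ("urgent", "immediately", "overdue")  # assumption: a small lure list


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Crude eTLD+1: the last two labels. Assumes no multi-label public suffixes."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def normalise_lookalike(domain):
    """Fold a few homoglyph substitutions so 'examp1e-c0rp.com' reads as 'example-corp.com'."""
    return domain.lower().replace("rn", "m").replace("1", "l").replace("0", "o")


def host_of(url):
    """Hostname of an absolute URL ('' if none)."""
    return urlparse(url).hostname or ""


def analyse(raw_eml, trusted=TRUSTED_DOMAINS):
    """Return a list of (check, detail) findings for one RFC 5322 message."""
    msg = email.message_from_string(raw_eml, policy=policy.default)
    findings = []

    sender = msg["From"]
    if sender and sender.addresses:
        sender_domain = sender.addresses[0].domain.lower()
        # Not one of ours, but becomes one of ours after homoglyph folding.
        if sender_domain not in trusted and normalise_lookalike(sender_domain) in trusted:
            findings.append(("sender-lookalike", sender_domain))

    subject = str(msg["Subject"] or "")
    if any(word in subject.lower() for word in URGENCY_WORDS):
        findings.append(("urgency-lure", subject))

    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        extractor = LinkExtractor()
        extractor.feed(body.get_content())
        for href, text in extractor.links:
            real_host = host_of(href)
            # Visible text that looks like a URL must point where it says it does.
            shown_host = host_of(text) if "://" in text else ""
            if shown_host and registrable_domain(shown_host) != registrable_domain(real_host):
                findings.append(("link-text-mismatch", f"{text} -> {href}"))
            # A trusted name buried in the subdomain of an untrusted registrable domain.
            for dom in trusted:
                if dom in real_host and registrable_domain(real_host) != dom:
                    findings.append(("trusted-name-in-subdomain", real_host))
    return findings


if __name__ == "__main__":
    for label, raw in (("sample", SAMPLE_EML), ("benign", BENIGN_EML)):
        print(label, analyse(raw))
```

Run against the constructed sample it reports all four lures (sender lookalike, urgency, link text mismatch, trusted name in a subdomain) and nothing for the benign message. In practice these heuristics sit alongside, not instead of, SPF/DKIM/DMARC checks and URL reputation; they are cheap to run at the gateway and give users a concrete reason to distrust a message rather than asking them to spot a single swapped character themselves.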
The UK NCSC (National Cyber Security Centre) has published guidance on preventing ransomware attacks, and encourages all UK organisations to follow the actionable steps it sets out.