Safeguarding against Ransomware

Ransomware is one of the most notorious kinds of cyber attack, and it has unfortunately been increasing day by day since the pandemic began. According to a study by Check Point Software Technologies, the weekly average of ransomware assaults climbed to 1115 in May, and the figure had already surpassed 1210 companies hit by ransomware in the first half of June. Most of these ransomware assaults are directed at enterprise companies, making this a severe problem for corporations all around the world.

Cyber pandemic
The COVID-19 pandemic hastened the change to a digital platform as businesses and governments moved their activities and operations online. This shift, as well as the subsequent rise in online traffic, naturally attracted hackers. “Hospitals and research companies and organizations involved in distributing vaccine supplies have faced a constant barrage of ransomware threats over the past year. Ransomware’s popularity has skyrocketed because that’s where the money is,” said Sam Curry, Chief Security Officer, Cybereason.

During the pandemic, ransomware has progressed from threats to end-users (mostly via phishing attacks) to sophisticated assaults that use complex vulnerabilities to target hypervisors and Exchange mail systems. Threat actors are well aware of the attack pathways that are most effective against remote employees, but they are also aware that most businesses have protections in place to prevent propagation over VPN or cloud resources.

“Ransomware has been around for decades and has been through several transformations to become what it is today. From the 1989 ‘AIDS’ ransomware to the 2021 Colonial Pipeline attack, ransomware criminals have frequently surprised us with their destructive ingenuity,” said Mujtaba Mir, Senior Sales Engineer, META at Barracuda Networks.

Loss for victims
Being hit by ransomware is not to be taken lightly by any company. Victims may lose their information, but they may also suffer financial losses as a result of paying the ransom, lost productivity, IT expenditures, legal fees, network changes, and/or the purchase of credit monitoring services for employees/customers.

The cost of recovery after an attack is also high. Reports show that the average total cost of recovery from a ransomware attack has more than doubled in a year, increasing from $761,106 in 2020 to $1.85 million in 2021.

“The cost of Ransomware is not limited to the ransom paid; it is also inclusive of reputational damage and remediation costs. It is also essential to consider the possibility of the cybercriminals withholding the stolen data even after the ransom is paid. Consequently, defenders and security experts must be watchful and implement comprehensive solutions to protect their networks and data from malware,” said Emad Fahmy, Systems Engineering Manager Middle East at NETSCOUT.

According to a recent analysis by McAfee, cybercrime costs the global economy more than $1 trillion, or slightly over 1% of global GDP, when hidden costs like system downtime, lost productivity, incident response costs, and brand and reputation harm are included.

Giuseppe Brizio, EMEA CISO, Qualys comments, “Ransomware can severely impact business operations spanning from at best, service level disruption, to at worst, full inability to operate business activities. Since 2020, there has been a shift in ransomware tactics from encrypting the data and keeping it hostage, making businesses unable to operate until ransomware is paid to exfiltrating the data and threatening to publish it in the wild unless ransomware gets paid.”

Why the increase 
As mentioned earlier, there is a massive increase in the number of ransomware attacks, not just in the region but the entire world. The major factor in this increase is the pandemic. The pandemic has hastened Digital Transformation projects by accelerating cloud migration in order to facilitate the transition to remote and mobile working. This new reality has significantly enlarged the attack surface, giving hackers more possibilities to carry out cyberattacks via ransomware.

“The increase in remote access and the acceleration of digital transformation have created a bloated attack surface. In hastily going remote to abide by social distancing initiatives, many organizations took risky shortcuts. VPN and RDP, for instance, were stretched far beyond their proper use cases. RDP should never be directly exposed to the internet, and VPNs are not a secure mechanism for enabling privileged access and/or vendor access,” said Morey Haber, CTO, BeyondTrust.

Cybercriminals also now have much simpler access to ransomware capabilities because of Ransomware-as-a-Service (RaaS), a subscription that provides ransomware tools that have already been built and are ready to use for launching ransomware attacks. Given that the service providers get paid a percentage of each successful ransom payment, this method of ransomware distribution significantly increases the number of ransomware assaults. For those who do not want to pay for such services, there are also step-by-step YouTube tutorials available that anyone can follow to launch an attack.

“The growing number of people online is a significant cause of the rise of these attacks. The pandemic initiated a spike in internet usage worldwide, especially as many shifted to remote work and education. While individuals are going back to their offices and classrooms, the existence of hybrid work also increases the exposure of IoT devices to multiple networks, thus making a breach more likely,” said Ray Kafity, Vice President – Middle East Turkey and Africa (META) at Attivo Networks.

Another reason for the rise in ransomware assaults is that it has turned into a ‘cash cow’ for threat organizations that are increasingly winning. When assaulting larger organizations that they know have money to pay their ransom demands, the threat actors are patient, persistent, and smart. If more businesses continue to pay ransom demands, the cost of decryption keys will only grow. Cyber thieves have a significant edge in that they only need to be correct one time out of a hundred to profit handsomely.

“For now, ransomware is considered ‘successful’ by threat actors, and therefore it continues to thrive. While federal agencies have put out clear messages that they will treat ransomware attacks as acts of terror, it won’t put hackers away from this field, unless the business becomes totally not worth it. Furthermore, innovation and creativity in this field bring more business models to action. From ransomware-as-a-service to triple extortion – these actors aren’t just becoming bigger, they are becoming better in what they do,” said Ram Narayanan, Country Manager, Check Point Software Technologies, Middle East.

What next
Given the circumstances, the advice is to be prepared for an attack at all times. Benjamin Franklin once said, “By failing to prepare, you are preparing to fail”. All is not lost in the fight against ransomware. By taking the proper precautions, businesses can defend themselves against such assaults. One way to avoid a ransomware attack is to detect and block Indicators of Compromise (IoC) on your network to stop the propagation of malware before it becomes a ransomware attack.

Defenders who have a quick detection and response mechanism in place can respond effectively before ransomware has a chance to infect the environment. The amount of time it takes for businesses to respond to threats must be kept to a minimum. This is best accomplished by employing threat hunting services 24/7.

“Organizations need to start looking into ways through which they can not only tie all of their security solutions together but make sure they know what’s going on within their networks, at all times,” said Amr Alashaal, Regional Vice President – Middle East at A10 Networks. He further added, “In the era of public cloud, mobility, and work-from-home, the notion of perimeter security has quickly become outdated. It’s not just that the attack surface has changed; organizations have also gained a new understanding of the identity of a potential attacker, including trusted insiders who don’t even realize that they’re abetting a crime.”

The importance of resiliency and security in next-generation networks cannot be overstated. The security dangers that may become widespread in the months and years ahead must be considered in the system’s design and continuous operation. The public and private sectors should work together to secure the networks of our banks, hospitals, oil and gas businesses, the aviation industry, and other important infrastructure by partnering with professionals who have an extensive understanding of cyber dangers.

A cybercriminal’s armoury is stocked with a variety of malware weapons. Ransomware has repeatedly proved its efficacy, and it has become a favourite among hackers all over the world. But it is nothing to be worried about, as a good plan and caution can safeguard the environment.