Is ransomware the new terrorism?

In this era of technological evolution, it would seem that the cyber threat landscape becomes incredibly challenging with each advancement. One such challenge happens to be ransomware, over the years the sophistication of ransomware attacks has increased as well as the amounts of money demanded and paid out in exchange for the information being held for ransom. IT professionals are under extreme pressure to protect organisations from the next big ransomware attack; this is one reason why organisations need to equip their employees with the necessary knowledge to identify activity that might lead to such an attack. 

Cyber Awareness: A Mitigation Key 

Prevention and response to ransomware requires awareness of attack vectors and different approaches to minimising associated risks. Employees must understand how to detect and avoid common attack vectors. Here are a few examples of what they should be taught to look out for: 

• Common Attack Strategies (e.g. phishing attempts) 
• Suspicious emails containing links or files 
• Malicious websites 

Covid-19: A Win for Cyber Criminals 

The chaos caused in the wake of the pandemic has provided cyber criminals with ample opportunity to wreak havoc. The hybrid work environment has created an increased attack surface and organisations in industries deemed high value by threat activists have become bigger targets such as the healthcare sector, which can’t afford a breach at the best of times let alone right now, so ransomware hackers know that they are likely to get exactly what they demand in exchange for the release of encrypted data. 

Are Attacks Increasing or Are They Becoming High Profile? 

The answer to this question is yes to both. Not only are attacks on the rise but the price of ransoms is increasing as well. It could be argued that the reason for these increases is due to the fact that more and more companies are choosing to pay the ransom in order to get their data back, and it would seem that cyber criminals are taking note. The rise of cryptocurrencies such as Bitcoin could also be a major reason for the increase in ransomware attacks. With Bitcoin being less regulated than other forms of currency it can be harder to trace thus making it attractive to hackers. 

Don’t Pay Up! 

As desperate as victims of ransomware attacks may be, it is inadvisable to give into a hacker's demands. Paying the ransom does not necessarily mean that the hacker will give back the data they stole; they have no reason to do so once they have what they want. If ever you are the victim of a ransomware attack you should report it to law enforcement immediately no matter what type of business you run or which sector you work in.  

While it may be pressing to get the stolen data back, especially if you work in an industry such as the healthcare sector and for example information important to a patient being treated for say cancer is stolen then it is understandable, however, don’t pay the ransom. If the hacker makes threats to you about what they’ll do if you contact the authorities it’s likely empty, there is very little chance they have of knowing whether you contact the police, it’s just a scare tactic.      

What Can Organisations Do to Stop Ransomware? 

When dealing with cybercrime, the first step is to be proactive rather than reactive. Organisations should be backing up all vital data and investing in insurance policies that cover cyber attacks. Organisations should also have effective cyber response plans in place, outlining the proper procedures and measures to be taken should an attack take place.   

Once again, don't pay up. Always try to determine what options are available that do not include paying the ransom. Even if paying the ransom seems like the only option, preparation is even more critical. 

Understanding possible surfaces for an attack is paramount. Oftentimes an unknowing employee can be the reason behind an attack. Teaching employees about possible attack vectors and how to recognise the signs of an imminent attack is fundamental in maintaining a high level of cyber security.