Ransomware attacks are on the rise in 2021
Believe it or not, ransomware has been around since the days of the floppy disk, with the first reported attack taking place in 1989. Over the ensuing decades, more and more malware strains were developed as bad actors congealed into syndicates dedicated to cybercrime.
Throughout its long history, ransomware has developed somewhat steadily. However, in the last year, it has seen astronomical growth. Precise figures are hard to specify because they rely heavily on self-reporting, but we can gain some insight into the growth in ransomware attacks by comparing multiple sources.
According to a comprehensive report compiled by Verizon, ransomware attacks doubled in 2021, accounting for 10% of all data breaches. Meanwhile, the FBI’s Internet Crime Complaint Centre (IC3) received 2,084 ransomware reports in the first half of 2021 alone. On a global scale, Sophos has reported that 37% of organisations acknowledged being the victim of a ransomware attack in 2021.
The reason for this growth is simple – ransomware is a multi-trillion dollar industry. The rewards are there. In 2021, syndicates like REvil and Conti made moves to increase their potential for big rewards by focusing more attention on third-party attacks that allow them to target businesses via their supply chain or employees. Since these attack vectors leverage trusted sources, they’re often able to bypass even the most robust cybersecurity measures.
This is why it’s essential to develop a sound ransomware protection strategy or work with a managed service provider (MSP) capable of putting these protections in place for you. To give you an overview of what the best ransomware protection protocols look like, we’re going to take you through some of the most prominent attack vectors and what you can do to protect your company and your staff from becoming victims.
The latest ransomware threats
There’s a reason we talk in terms of viruses and strains in the world of cybercrime. These attacks work in much the same way as an infectious disease, and just as physical viruses can mutate and adapt, so too can digital viruses. The difference is that in the digital world, there are humans driving the adaptation.
In 2021, the following key weaknesses in business security were targeted:
- Unpatched systems and software: Bugs and holes are inherent to software, which is part of why you receive so many notifications to install updates. Developers are always working on patches for vulnerabilities. However, when users fail to perform updates, these weaknesses remain open to being exploited by bad actors. While criminals have been known to target new vulnerabilities, more often than not, they go for known system weaknesses.
- Supply chain vulnerabilities: Attacking a weak link in a supply chain can give bad actors access to either a single prime target or the full array of businesses connected to the hacked organisation.
- Inadequately trained staff: Phishing emails were one of the major attack vectors for ransomware in 2021, but these are only effective if a member of the target organisation opens the email and clicks the malicious link. Staff may also be targeted via watering hole attacks that focus on websites commonly used by an organisation’s employees outside of working hours.
For Australian businesses, a local MSP like Invotec can offer protection against all three attack vectors backed up by 24/7 support. This means that if a breach does occur, action will be taken instantaneously, even if it comes in the dead of night. Every minute counts with a ransomware attack, so this level of support is invaluable.
Though there’s a great deal your MSP can do, it is still essential for organisations to develop supply chain transparency and train staff on cybersecurity best practices.
The importance of cybersecurity training for employees
The moment an unsuspecting employee clicks a link in a phishing email, ransomware can install itself, and the results for your entire organisation can be devastating. To protect yourself and your vital business data, you need to ensure that employees are properly educated on how to detect phishing scams and ransomware attacks.
Hackers are notorious for discovering new vantage points and methods for delivering malicious code. For example, in 2017, voice message notification emails were the new trend among hackers as the attack vector gave them a way to target companies as well as individuals. Anybody can receive an email with a voicemail notification, so this type of attack poses a significant threat to individuals, businesses, and government organisations.
Malicious voice message notification emails generally come with one of the following two strains of ransomware:
- Cerber: Using text-to-speech synthesizers, this ransomware strain pressures victims into paying the designated ransom. The seemingly legitimate email has a voice message that is attached as a .WAV file within a .zip folder. Victims unsuspectingly download the file and folder, allowing the ransomware into their system. Cerber is designed to immediately install and change the names of files to [original file name].crypted. Unfortunately, the chosen delivery mechanism means that victims will only discover the attack after it has taken effect.
- Zepto: A Locky copycat, Zepto ransomware is delivered via .WSF files. This type of ransomware has recently expanded beyond its initial malicious .DOCM attachments and zipped .JS files. Now, Zepto uses .WSF files to encrypt the original files on the victim’s PC. The HTML-formatted digital ransom notes are automatically placed in folders, and the original file names are encrypted with a long alphanumeric string that ends with the .ZEPTO file extension. Unfortunately, at the time of writing, there isn’t a decryptor available for Zepto ransomware.
In order to protect your vital data and files from encryption and yourself from ransom demands, it’s essential to educate your employees on cyber security best practices, including how to spot a phishing email.
Quick cybersecurity tips for ransomware protection
In general, employees should be trained to recognise the format, text body, naming of attachments, email address, and delivery method of all regular notification emails – whether they be voicemail messages from your phone system or upgrade notifications from your MSP.
In the case of malicious voicemail messages, anti-virus software doesn’t always recognise that the attached .ZIP files are malicious. So, users must pay close attention to file formats. The key thing employees need to know is that system-generated emails will contain .WAV and MP3 files, but they will rarely (if ever) come packaged in .ZIP files or with .PDF or .DOC(M) files. If a voice message notification contains any of the latter, then it is highly likely to be a phishing email embedded with ransomware.
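The same attachment rule can be enforced at the mail gateway as a backstop for training. The following is an added example, not code from this article or any vendor: it parses a raw voicemail notification, flags any attachment that is not .WAV or MP3, and lists what is inside a .ZIP. The sender addresses, file names and sample archive are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

AUDIO = {".wav", ".mp3"}  # what the article says genuine notifications carry
SUSPECT = {".zip", ".pdf", ".doc", ".docm", ".js", ".wsf"}  # types the article names

def ext(name):
    name = (name or "").strip().lower()
    return "." + name.rsplit(".", 1)[1] if "." in name else ""  # 'a.wav.js' -> '.js'

def check_voicemail_mail(raw_bytes):
    """Return findings for one raw message; an empty list means nothing flagged."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        e = ext(name)
        if e in AUDIO:
            continue
        label = e if e in SUSPECT else "unexpected type"
        findings.append(f"{name}: {label} attached to a voicemail notification")
        if e == ".zip":  # list members so a reviewer sees what is packaged inside
            try:
                with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                    findings += [f"{name} contains {m} ({ext(m) or 'no ext'})"
                                 for m in zf.namelist()]
            except zipfile.BadZipFile:
                findings.append(f"{name}: not a readable ZIP archive")
    return findings

def make_zip(member_name):
    """Constructed sample archive holding one placeholder member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"placeholder")
    return buf.getvalue()

def build_sample(filename, payload):
    """Constructed sample notification; addresses and names are made up."""
    m = EmailMessage()
    m["From"], m["To"] = "voicemail@pbx.example", "user@corp.example"
    m["Subject"] = "New voice message"
    m.set_content("You have a new voice message.")
    m.add_attachment(payload, maintype="application", subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    print(check_voicemail_mail(build_sample("voicemail.zip", make_zip("message.wav.js"))))
```

Messages that return findings are best quarantined for review rather than silently dropped, since the rule keys on file names only and does not inspect content.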
Ten minutes of employee training on email notifications can save you from ransom demands that can range between 10k (the average for SMEs) and 70 million dollars (the largest recorded ransom to date). It will also save you the costs associated with:
- Repeat attacks (if it worked once, it’s worth another try for bad actors)
- Late adoption of stronger cybersecurity protections
- Increased insurance premiums
- Reputation damage
- Lost business
- In some cases, legal costs
As a business owner or manager, it’s also worth ensuring that your antivirus software has both signature-based and behaviour-based malware detection capabilities. Behaviour-based algorithms monitor the behaviour of all files in your system and detect the kind of activity that indicates malware. This means even new malware variants have a higher chance of being picked up as the antivirus software isn’t relying solely on known malicious signatures for detection.