Major infrastructure in the United States is under attack. As heavy industrial companies, defense contractors and government agencies increasingly rely on cloud platforms and outsourced IT to serve their users and constituents, attackers are exploiting vulnerabilities, stolen credentials and misconfigurations to steal information and disrupt operations.
The problem with these attacks is that a flaw in one platform or supplier can undermine the security of a completely unrelated company or industry. As we've learned from the SolarWinds hack, the Colonial Pipeline ransomware attack and now the LineStar attack, a single compromised supplier, platform or credential can expose critical energy production and manufacturing operations to being held hostage for millions of dollars in ransom.
Ransomware isn’t just a consumer issue. Here, we cover the state of ransomware in 2021 and how different organizations are responding to the problem.
What is Ransomware?
Ransomware starts out like any other form of malware. A malicious program gains a foothold on a system, typically through phishing, stolen or brute-forced remote-access credentials (RDP, VPN), or an exploited vulnerability in internet-facing software, and then moves to gather credentials, escalate privileges and spread to other machines. Any weakness that lets an attacker run code in your environment can become the delivery path for ransomware.
Once the malware is in the system, however, it does very specific things:
- First, it identifies the location of important files. This can be an entire file system or specific subdirectories containing files selected by keyword, size or file type, and many families also look for network shares, databases and backup stores.
- Next, the ransomware encrypts that data with strong encryption. Encryption is a great security tool precisely because, done correctly, decrypting the data without the key is infeasible. That is the double-edged sword ransomware exploits: if a third party encrypts your data, they control access to it by withholding the key. Modern families typically generate a symmetric key on the victim machine and encrypt that key with a public key embedded in the malware, so the matching private key never touches your systems and cannot be recovered from them.
- The attackers then send a message demanding a ransom payment for the key. If you pay, the attacker (if they keep their word) provides the key or a decryptor. If you do not, they keep or delete the key, rendering your data unusable and, essentially, lost. Increasingly, groups also copy data out before encrypting it and threaten to publish it, so that even victims with good backups face extortion.
Most attackers demand payment in cryptocurrency, usually bitcoin or Monero, because it is fast to collect and hard to attribute to a person. It is not untraceable, however: bitcoin transactions are public, and blockchain analysis has repeatedly been used to follow ransom payments to exchanges and wallets.
How Has Ransomware Evolved in 2021?
One of the more significant evolutions of ransomware in 2021 is the rise of sophisticated, established criminal groups using ransomware to target major industrial and government systems. Attacks at this scale are beyond the reach of unorganized groups or individuals, so what are essentially organized hacker gangs are attacking infrastructure remotely.
What's more frightening is that these gangs use their anonymity to operate unhindered from countries where they will not be prosecuted, launching attacks abroad, sometimes with the tolerance or at the behest of foreign governments. Many experts, including Microsoft, the security provider FireEye and U.S. intelligence agencies, concluded that the SolarWinds supply-chain compromise was carried out by the Russian group Cozy Bear (APT29), operating on behalf of Russia's Foreign Intelligence Service (SVR). That campaign was espionage rather than ransomware, but it illustrates the same supplier-to-customer exposure.
Additionally, LineStar Integrity Services, a pipeline-focused security and compliance firm, was the victim of a ransomware attack by the Xing Team, a China-based group. The attackers released 70 gigabytes of the firm's data on the dark web.
Technologically speaking, ransomware is insidious precisely because it can use any other attack vector to deliver its payload, so there is no single point of attack to defend. Prevention efforts have to cover email, spoofing, credential theft, exposed remote-access services and software vulnerabilities across nearly the whole attack surface. Modern ransomware operators have also become adept at avoiding detection, for example by using stolen legitimate credentials and living-off-the-land tools or, as in the SolarWinds intrusion, remaining quiet inside a network for months before acting.
How Are Organizations Responding to Ransomware Threats?
Ransomware isn't going anywhere. In fact, ransomware damages are predicted to top $20 billion globally in 2021 (up from $354 million in 2015).
Security companies are working fast to counteract established and emerging ransomware attacks. To accomplish this, they are focusing on a few key areas, including:
- Advanced Detection: Ransomware operators launch attacks with increasingly sophisticated detection-avoidance techniques. Defenders are studying these attacks and building countermeasures that identify malicious activity by its behavior rather than its signature, for example mass encryption or renaming of files, deletion of shadow copies and backups, or unusual administrator actions such as disabling recovery options.
- Proactive Ransomware Hunting: Alongside automated detection, many organizations run "threat hunting" programs staffed by dedicated security analysts (in-house or through a managed security service provider). These hunters actively investigate suspicious behavior that automated tooling missed and remove intruders before an intrusion becomes an incident.
- Better Security Training and Phishing Prevention: Phishing is still one of the most common and most costly forms of cyberattack. That's because it works: many employees cannot keep up with the ways attackers trick them through email, SMS or even over the phone. Training and awareness will remain a major part of ransomware prevention, together with better technical controls such as email filtering, external-sender warnings and multi-factor authentication so that a stolen password alone is not enough.
- Data Backup: Many ransomware losses can be traced back to improper backups, or to no backups at all for sensitive data. More organizations are turning to hybrid cloud storage and backup solutions to balance retention and performance, which can mitigate much of the damage an attack causes. The caveat is that ransomware deliberately targets backups, so at least one copy must be offline or immutable and unreachable with the same credentials the attacker is using, and restores must be tested regularly, not assumed to work.
While this list isn't exhaustive, it touches on the major efforts to address ransomware moving into 2021. Typical countermeasures like anti-malware and endpoint security have been a major part of this fight for a decade and remain so today.
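The behavioral detection described above can be illustrated with two simple rules run over endpoint telemetry. The code below is an added example, not part of the original article or any vendor's product. It uses a constructed, invented log format ("epoch pid event detail"); the sample lines, the 60-second window and the five-file threshold are assumptions for the demonstration, and the recovery-tampering commands it flags (deleting volume shadow copies, deleting the backup catalog, disabling Windows recovery) are ones commonly run by ransomware before encryption begins.

```python
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample telemetry, one event per line: "<epoch> <pid> <event> <detail>".
# The format is invented for this example; map your EDR or Sysmon fields onto it.
SAMPLE_LOG = """\
1622557200 4120 process_create cmd.exe /c vssadmin delete shadows /all /quiet
1622557201 4120 process_create wbadmin delete catalog -quiet
1622557202 4120 process_create bcdedit /set {default} recoveryenabled no
1622557205 5188 file_rename C:\\Users\\acct\\Documents\\Q1.xlsx -> C:\\Users\\acct\\Documents\\Q1.xlsx.locked
1622557205 5188 file_rename C:\\Users\\acct\\Documents\\Q2.xlsx -> C:\\Users\\acct\\Documents\\Q2.xlsx.locked
1622557206 5188 file_rename C:\\Users\\acct\\Documents\\board.pptx -> C:\\Users\\acct\\Documents\\board.pptx.locked
1622557206 5188 file_rename C:\\Users\\acct\\Desktop\\notes.txt -> C:\\Users\\acct\\Desktop\\notes.txt.locked
1622557207 5188 file_rename C:\\Users\\acct\\Desktop\\budget.docx -> C:\\Users\\acct\\Desktop\\budget.docx.locked
1622557208 5188 file_create C:\\Users\\acct\\Desktop\\HOW_TO_RECOVER.txt
1622557300 1234 file_rename C:\\Users\\bob\\draft.docx -> C:\\Users\\bob\\draft-final.docx
1622557900 1234 file_rename C:\\Users\\bob\\old.csv -> C:\\Users\\bob\\old.csv.bak
"""

# Command lines that destroy local recovery options; ransomware commonly runs
# these immediately before encrypting so that victims cannot roll back.
RECOVERY_TAMPERING = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I),
    re.compile(r"bcdedit(\.exe)?\s+/set\s+\{default\}\s+recoveryenabled\s+no", re.I),
]


@dataclass(frozen=True)
class Alert:
    kind: str      # "recovery_tampering" or "mass_rename"
    pid: int
    detail: str


def parse_events(log_text):
    """Yield (ts, pid, event, detail) tuples; blank or malformed lines are skipped."""
    for line in log_text.splitlines():
        parts = line.split(" ", 3)
        if len(parts) != 4:
            continue
        ts, pid, event, detail = parts
        yield int(ts), int(pid), event, detail


def detect(log_text, window=60, threshold=5):
    """Return alerts for recovery tampering and for mass extension-changing renames.

    Rule 1: any process_create whose command line matches RECOVERY_TAMPERING.
    Rule 2: one process renaming at least `threshold` files to the same *new*
            extension within `window` seconds (renames that keep the extension,
            like draft.docx -> draft-final.docx, are ignored as ordinary work).
    """
    alerts = []
    recent = defaultdict(deque)   # pid -> deque of (ts, new_ext, new_path)
    fired = set()                 # (pid, new_ext) pairs already alerted on
    for ts, pid, event, detail in parse_events(log_text):
        if event == "process_create":
            for pat in RECOVERY_TAMPERING:
                if pat.search(detail):
                    alerts.append(Alert("recovery_tampering", pid, detail))
                    break
        elif event == "file_rename" and " -> " in detail:
            old, new = detail.split(" -> ", 1)
            old_ext = PureWindowsPath(old).suffix.lower()
            new_ext = PureWindowsPath(new).suffix.lower()
            if new_ext == old_ext:
                continue
            q = recent[pid]
            q.append((ts, new_ext, new))
            while q and ts - q[0][0] > window:   # drop events outside the window
                q.popleft()
            hits = [p for t, e, p in q if e == new_ext]
            if len(hits) >= threshold and (pid, new_ext) not in fired:
                fired.add((pid, new_ext))
                alerts.append(Alert(
                    "mass_rename", pid,
                    f"{len(hits)} files renamed to {new_ext!r} within {window}s"))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(f"[{alert.kind}] pid={alert.pid} {alert.detail}")
```

On the sample, pid 4120 trips the recovery-tampering rule three times and pid 5188 trips the mass-rename rule on its fifth ".locked" rename, while pid 1234's two ordinary renames, ten minutes apart, produce nothing. In production the thresholds need tuning against your own baseline (archiving jobs and build systems also rename many files quickly), and the recovery-tampering rule should page someone regardless of count: there is almost no legitimate reason for a user session to delete every shadow copy quietly.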
Stay Compliant and Secure with Continuum GRC
A basic way to approach security is to maintain regulatory compliance. With Continuum GRC, you can automate compliance and security audits for accuracy and speed, which helps you understand your security gaps and, where possible, how to close the ones ransomware operators exploit.
Continuum GRC is proactive cyber security®. Call 1-888-896-6207 to discuss your organization’s cybersecurity needs and find out how we can help your organization protect its systems and ensure compliance.