Given the number of ransomware attacks over the years and the grave consequences of an infection, you might think that prevention methods would have matured to the point that ransomware could soon be stamped out entirely.
Consider the once ubiquitous threat of exploit kits, such as the infamous Angler, a huge headache for any security team at the time. These exploit kits have all but faded from memory, thanks to the ongoing effort by researchers.
However, ransomware is still everywhere, and total prevention of ransomware is effectively impossible. Let’s count down the reasons why that’s so.
1. People are unreliable
You trust that your employees would never intentionally harm your organization. Even so, ransomware infections still occur because employees are not hyperalert to malicious links, emails, or phishing attempts.
Many readers will be familiar with regular, mandatory security-awareness training. It’s never a bad idea to train your employees on security, but even the most security-aware employees can occasionally make a mistake when they open an email or click a link. And without hyper-restrictive security policies that get in the way of people actually doing their jobs, that lapse in judgement is all it takes.
2. It has a rapid ROI
Another reason that ransomware is so attractive is that once it makes its way inside a system, typically via email attachments, malicious URLs, insecure Remote Desktop Protocol (RDP) connections, or malvertising, it moves fast. It scans the network to locate files, then encrypts the content and demands a ransom. Unfortunately, once the encryption process starts, there’s not much you can do to undo it.
And in an alarming trend, a new methodology has arisen by which attackers steal data before encrypting it. In April, Fortune 500 computer giant Cognizant was hit by a Maze ransomware attack. Maze, which has been making the rounds since mid-2019, first steals data and then threatens victims that if the ransom isn’t paid, the creators will release the data publicly. This strategy eliminates any notion of avoiding payment by way of a strong disaster recovery plan.
So it’s hardly a shock that attackers continue to pursue this vector. It’s lucrative and easy to pull off, and people keep on paying.
3. It’s easy
One of the first examples of ransomware-as-a-service (RaaS) was GandCrab, which in its heyday in 2018 was responsible for more than half of all ransomware infections around the world. Over the course of its illustrious run, GandCrab generated more than $2 billion in profit, with $150 million going right to the creators and the rest spread out among its many affiliates.
Some RaaS operations go even further and have highly developed affiliate programs that vet applicants for compatibility. The currently spreading REvil/Sodinokibi ransomware was first spotted in mid-2019 and quickly rose to prominence thanks to its affiliate program, whereby creators allow only certain high-yield groups to use their RaaS program. Forget the stereotype of hoodie-wearing malefactors in dark rooms; this is a sophisticated network comparable to any corporate partner program.
4. It’s cheap
On the flip side, the out-of-pocket costs to run a ransomware campaign are low. Today, an attacker can buy a prefab ransomware kit for a relatively paltry sum. The kit contains everything needed to deploy and monetize an attack, including encryption services, the payload dropper, and obfuscation tools. A typical ransomware-as-a-service (RaaS) subscription starts from a little over $100 per month. More complex and powerful variants can cost thousands, but the payoff potential increases as well. Support plans are also included to ensure that attackers can extract the maximum value from the service.
5. It pays
Attackers are more motivated than ever, because successful attacks offer huge payoffs. In 2019, ransom demands grew by 184% from Q1 to Q2, and experts estimate that the average cost per incident in 2020 was $283,800. Since 2018, ransomware-related incidents have increased by 41%, with the total cost to businesses in 2019 hitting $170 billion, according to some estimates. If these trends continue, the March 2019 attack on Norsk Hydro, which cost the company at least $40 million, might become commonplace. With numbers like these, it’s easy to see why ransomware continues to be a favourite criminal endeavour.
And even though law enforcement agencies advise against it, organizations keep paying the ransom. It’s natural for companies to want to protect their data, but the cost of the disruption to the business often eclipses the ransom itself, which means that paying up is often the most cost-effective option.
If you can’t prevent ransomware, what can you do to protect against it?
Your employees need access to data to do their jobs just like ransomware does, so your employees become the attack vector. Policies and roles that restrict access to data can help, but too many can get in the way of productivity.
The answer is early detection, user behaviour analysis, and automated action when suspicious patterns occur. Within seconds.
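To make the idea concrete, here is an added sketch (not ASE's product or detection logic, and not part of the original article) of a per-user sliding-window rule that flags a burst of high-entropy file writes, the pattern left by the fast scan-and-encrypt behaviour described earlier. The event format, the thresholds, and all user and path names are assumptions constructed for the example.

```python
import hashlib
import math
from collections import Counter, defaultdict, deque

WINDOW_SECONDS = 10        # assumed detection window
MAX_ENCRYPTED_WRITES = 5   # assumed per-user limit of distinct files in the window
ENTROPY_BITS = 7.2         # assumed cut-off; ciphertext approaches 8 bits per byte

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte in a sample of written data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def detect(events):
    """Return {user: timestamp} for the first moment each user trips the rule.

    events: iterable of (timestamp_seconds, user, path, sample_of_written_bytes).
    """
    recent = defaultdict(deque)   # user -> (ts, path) of recent high-entropy writes
    flagged = {}
    for ts, user, path, sample in sorted(events, key=lambda e: e[0]):
        if user in flagged or shannon_entropy(sample) < ENTROPY_BITS:
            continue
        window = recent[user]
        window.append((ts, path))
        while window and ts - window[0][0] > WINDOW_SECONDS:
            window.popleft()      # forget writes older than the window
        if len({p for _, p in window}) > MAX_ENCRYPTED_WRITES:
            flagged[user] = ts    # an automated response would be triggered here
    return flagged

def sample_events():
    """Constructed telemetry: two normal users and one account encrypting a share."""
    cipher_like = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    plain = b"Quarterly report draft, revision 3. " * 100
    events = [(t, "alice", f"/share/docs/report{t}.docx", plain) for t in (10, 40, 95, 130)]
    events.append((50, "carol", "/share/archive/backup.zip", cipher_like))  # one archive: benign
    events += [(100 + i, "bob", f"/share/finance/file{i}.xlsx", cipher_like) for i in range(8)]
    return events

if __name__ == "__main__":
    print(detect(sample_events()))
```

A single compressed archive (carol) stays under the limit, while the account that rewrites many files with random-looking content is flagged on its sixth write, five seconds after the burst begins.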
We offer just this type of detection so we can monitor activity, detect anomalies, and automate responses, to keep your data safe.
Want to learn more? Talk to ASE today to ensure that your data is safe!