A 2020 Ransomware Snapshot: Five Important Developments to Know

AlexRestrepo
Level 1
Employee

Hardly a day passes without some major development with ransomware. Hackers develop even more sophisticated approaches. A major automaker is attacked and business is brought to a standstill. Bad actors steal sensitive data and publish it on the internet. A payout is made by the compromised organization. And then they pray they can get all their data back.

It’s hard to keep up. Yet it’s vitally important for enterprises to stay vigilant, understand the latest threats and candidly assess their own ransomware attack surfaces. Changes in the nature of ransomware threats could mean you need to adjust your data backup or recovery approach.

Here are five must-know, new ransomware developments to be aware of:

  1. Ransomware attackers constantly change their tactics. Just recently, reports surfaced of hackers using bullying approaches to force victims to pay, by essentially stealing their sensitive data and publishing it on the internet. Attacks have pivoted from extortion to blackmail. The fact that data can be copied is both good and bad. It’s bad that your data can be sold on the internet. It’s good that the ability to copy data sets up some of the protections against ransomware, including robust backup and recovery.
  2. Paying the ransom doesn’t always guarantee you’ll get your data back. Companies whose data is encrypted with ransomware have at times spent millions to get their data back so that they can avoid further business disruption and reputational damage. But the truth about ransomware is that encrypting data is relatively easy and decrypting it is harder. Many ransomware tools are bought or rented on the black market. You can rent botnets that control hundreds of thousands of devices, like a timeshare. They can be quickly set up and run by freelancers who, in many cases, didn’t write the code themselves. This means that these individuals simply may not have the expertise to competently decrypt all of your data if you pay the ransom.
  3. Ransomware is targeting enterprises more, end-users less. If you’re a Black Hat, there are only so many hours in the day. It makes sense to target large enterprises for a few reasons. First, attacking enterprises is a higher-margin business compared to individuals. It’s a more efficient use of bad actors’ time. Second, hackers are more capable of executing attacks on enterprises because enterprise systems are less of a barrier than they used to be. With the pandemic necessitating more work from home, endpoints are less under the control of centralized IT systems. Enterprise networks, servers, and storage systems are not as hardened as their owners thought.
  4. Ransomware is not just targeting data, but systems. When most people think of ransomware, they envision a Black Hat encrypting data and holding it hostage. But some of the most devastating recent ransomware attacks have been carried out against company networks, which can cause an entire global business to shut down its factories. It is critical to remember that anything that’s on a computer system and can be edited by an operating system can be encrypted in a way that it becomes useless to the end-user.
  5. Ransomware can strike anywhere that your data lives. This includes data or workloads that are on the public cloud, like AWS or Azure. If assets are connected via the Internet, they might as well be physically present in your data center. When thinking about ransomware risk to data or workloads, it’s best to think of the cloud and your data center as the same thing. The same risk applies to your SaaS-based data. SaaS vendors take precautions to mitigate ransomware risk. But end-users could be inadvertently involved in a phishing attack that compromises their SaaS account credentials and allows the bad actor to access your SaaS data.

Ransomware is changing so fast that some of the above five points may start to become obsolete within a year. WannaCry and Petya were some of the most well-known attacks and they seem like a lifetime ago, though they happened in 2017. Fortunately, with a comprehensive approach to ransomware resiliency that incorporates unified recovery and backup approaches, you can mitigate the threat of bad actors compromising your enterprise data.

Interested in learning more? Read the next in the blog series: Ransomware Resilience Comes Down to People, Technology, and Processes.