On the coattails of some major vulnerabilities, we have seen ransomware attacks surge 150% in 2020, and they show no signs of relenting. The new attacks are hitting large businesses, school districts, and local governments. Interviews with security professionals have turned downright pessimistic as some pros report they are seeing attacks “faster than we can count”.
As an industry, we are failing to keep up with attackers. While vulnerabilities are being published and organizations know the price if they fail to patch, recent vulnerabilities have been at the highest end of criticality and require immediate—sometimes business-impacting—patching to avoid standing out as a prominent target.
Today, ransomware as a service proliferates and ransomware kits are easily bought online. These growing ransomware business models and markets now make it easy to develop and acquire ransomware. And it was already easy to deploy ransomware through email and other common attacks, in addition to using the newer and pervasive vulnerabilities for direct injection of malware.
Many modern threat actors are looking to achieve something different than in years past. The target and attack types are not what we saw a few years ago, when encrypting individual user computers netted attackers a few hundred dollars per victim. While the payout rates have stayed relatively constant with close to half of victims paying the ransom, the ransom amounts and the targets have become much larger and we are now seeing negotiations in the tens of millions of dollars. In fact, the average ransomware payout amounts almost tripled from 2019 to 2020.
Attackers know they have leverage, and they are even targeting insured organizations to specifically seek ransom payments within insurance policy coverage. While relatively new, this adjustment puts organizations - even large, mature, stable, insured companies - in an almost unwinnable position.
Ransomware can be introduced into our environments through many different attack vectors, so no one technology or solution can provide complete ransomware protection. Law enforcement isn’t identifying, prosecuting, and sentencing, enough attackers in this space to deter future attempts. And organizations with mature backup programs still aren’t recovering quickly enough to offset the impact of ransomware attacks.
We need to think differently about the threat and how we prepare and respond. We must know and understand our own systems, have a ransomware specific incident response plan, and continue being creative in designing robust and multi-tiered backups.
Additionally, organizations should assume they will be victimized by ransomware -- not if, but when. We should all have a “kill switch” to shut down all systems and aid in containment when it happens. Because today, we are not containing and we are certainly not succeeding.
For a deeper dive on this topic, please check out my on-demand webinar: The Brutal Wave of Ransomware & How Attacks are Evolving
Learn how BeyondTrust Privileged Access Management (PAM) platform provides powerful, blended ransomware threat protection by securing remote access, enforcing least privilege, and protecting privileged credentials:
Dan Stern, Vice President of IT, Infrastructure and Services at AirMethods
Dan is a 20-year IT professional having owned a small IT business in Maryland, led fast paced IT teams at Chipotle, Blaze Pizza, and others, and now leads Infrastructure and Services teams as VP of Information Technology at Air Methods. Having a Bachelor of Arts specialized in journalism from Colorado State University and a Master of Applied Science concentrated in Information Systems Security from the University of Denver, Dan uses his experience with communications to help teach sometimes intimidating technology to office workers and college students. In his free time, Dan likes to power down all of the tech toys and simply get lost in the mountains.