Despite recent successes by law enforcement agencies in targeting suspected ransomware gangs, including the international effort to take down the $100 million Hive operation, the problem continues to cause huge damage to organisations the world over. Indeed, defeating ransomware forms part of the five pillars described in the recently announced US National Cyber Strategy, which aims to deliver a path to resilience in cyberspace. Given the evolving nature of the risks presented by ransomware gangs, there is clearly a need to support these important objectives with better protection and remediation strategies.
One of the various issues authorities and organisations face is that the methods used by cybercriminals to deploy and complete ransomware attacks are evolving. For example, the use of the double extortion model – whereby bad actors not only encrypt their victims’ data but also threaten to publish it on the dark web – has grown to become a major ransomware tactic.
If that weren’t enough to give cyber professionals sleepless nights, ransomware-as-a-service (RaaS) has emerged as a nefarious business model that enables cybercriminals to instigate attacks but without the need to create and deliver the ransomware themselves. This forms part of a sophisticated criminal ecosystem that also offers subscription services, whereby users are provided with tools and resources that help ensure their efforts are more effective and efficient. In practical terms, this commoditisation trend opens the door for attacks to take place in even greater numbers and with a more damaging impact. Perhaps most worryingly of all is that it significantly lowers the barrier to entry for hackers and makes it far easier for unskilled actors to launch cyber-attacks.
Looming on the horizon is another serious risk – the growing use of AI in the development of malicious code. The use of tools such as ChatGPT, alongside an array of other emerging technologies, means there is likely to be a massive growth in the use of AI-produced malware. While ChatGPT is designed to prevent users from creating malicious code, hackers are already finding ways to abuse its capabilities.
One of the many issues this is likely to create is that the ability of cybercriminals to evade AV tools will be significantly enhanced, particularly if AI is trained with samples of malware to improve on previous versions. In this situation, zero-day threats could become a much more serious problem than they are today, given the industrialisation of malware has now become a reality.
In practical terms, many security experts now share the same view that for ransomware attacks, organisations shouldn’t worry about ‘if’ or even ‘when’ they will be targeted – it’s now a question of ‘how often’. So where does that leave today’s digitally dependent businesses who need to raise their game in the fight against ransomware?
Reducing attack vectors and maintaining vigilance
Firstly, the reduction of potential attack vectors available to hackers and minimising the attack surface of a host is a critical step in securing networks and data. This is dependent on designing and building infrastructure systems with security in mind from the ground up, whereby each service should be appropriately configured to withstand being exposed to the internet. With this approach as a foundation, additional advanced protective measures can be added as needed, with firewalls viewed as a secondary line of defence rather than the first and only measure.
Next, organisations must maintain a high state of alert and vigilance to detect any signs of hackers infiltrating their environments. By implementing continual real-time monitoring of their systems and investing in approaches like point-in-time penetration testing and red teaming, organisations can more effectively identify potential vulnerabilities and help assess their ability to prevent and mitigate potential threats.
Adopting a proactive mindset
Ultimately, mitigating risk in today’s elevated threat environment requires a shift in mentality, prioritising the identification of incremental steps indicating a malware infection. Instead of viewing cyber security as a cost that delivers no return or deciding to delay the adoption of better processes and technologies in the hope they won’t be targeted, leadership teams need to tackle the problems head-on.
As the announcement for the U.S. National Cybersecurity Strategy points out, “The digital ecosystem’s biggest, most capable, and best-positioned actors – be they in the public or private sectors – can and should assume a greater share of the burden for mitigating cyber risk.”
Combined, these approaches to better cyber security can help catch ransomware early and isolate it before activation. But unless organisations raise their games, the chances are that many more will continue to suffer the damage, cost and disruption that often accompany a successful attack.