Ransomware attacks are on the up. Due to low execution costs, high rates of return, as well as a low risk of being caught, ransomware has become the preferred method of attack for those operating illegally within the online space.
In fact, research highlights a surge in the number of ransomware attacks against businesses. In the UK, for example, there was a 195% increase in reported incidents, which equated to an estimated 6.4m ransomware attacks in the first half of last year – making it the second most targeted country in the world, behind the US. This has not been helped by the rise of ransomware as a service, with hired malware strikes causing further disruptions to a number of UK companies.
Ransomware is a practice that blocks your data from being accessed and demands payment for its release. The most common source of ransomware infection remains an organisation’s computer systems. IoT devices are also vulnerable as the infection can spread rapidly across an organisation, especially when the network is not properly segmented.
Once it gets a foothold, it has the capability to expand to other endpoints, encrypting and stealing data, which can be sold on opaque online spaces like the Dark Web. Ransomware is unique because once it infiltrates a system, it is very difficult to dislodge, and this can cause major business disruption.
However, many of the flaws exploited in these cyberattacks are vulnerabilities that companies can protect themselves against to make such an attack less likely. It is therefore critical that businesses have trusted defences in operation within this area and incorporate best practices into all endpoint builds to ensure a consistent security directive.
Cyberattacks on the rise
Cybersecurity experts all agree that ransomware attacks are only going to accelerate and could represent an increased threat to IoT devices. There is particular concern that these attacks will focus on Industrial Control Systems across utilities, manufacturing, energy and critical infrastructure.
Take, for example, the National Health Service (NHS) in the UK, which since 2014 has had 209 ransomware attacks, according to a Freedom of Information request. This ranged from one computer being targeted to an entire system going down.
The infamous WannaCry attack, which took place in 2017, cost the NHS in the region of £92m to restore data and update platforms, due to lost output and IT support. Since then, the NHS has been asked to meet the Cyber Essentials Plus (Government Standard), along with ensuring mandatory cyber awareness training for all staff.
This hack certainly acted as a stark wake-up call for the NHS, although this does not mean the threat has now subsided. Instead, ransomware is getting smarter and more costly, with organisations now having to remain agile and forward thinking to counteract any such malicious activity towards their networks.
The most successful ransomware attacks leverage access to your network – especially when there is a weak link in an endpoint. To counteract this, endpoints need to have their patches frequently updated, along with applications using the latest anti-virus software. There also needs to be visibility across the network to trigger alerts if there is a breach.
Organisations should deploy multiple layers of protection through their network architecture, giving IT teams real-time visibility and far greater control over network operations and activities. This can equally provide quick access to patch levels and configurations through a secure firewall, allowing organisations to feel safe and able to combat ransomware attacks head on.
To really stop cyber criminals in their tracks, organisations need to put in place rigorous network segmentation with a “Zero Trust” approach to access permissions. This allows organisations to create virtual borders and defend themselves against unauthorised lateral movement. These virtual borders provide highly effective breach isolation, improve the effectiveness of anomaly scanning, boost the value of specialist security appliances and, in the process, significantly minimise the organisation’s virtual attack profile.
The reality is that the frequency and severity of cyber attacks – and ransomware attacks in particular – are only going to increase in the years to come. But if organisations act today and properly secure their networks and the devices connected to those networks by deploying advanced, cloud-powered network security solutions and a policy-based, hyper-segmented architecture, they can avoid falling victim to these attacks and having to deal with their costly fallout in the future.
Contributed by Dahwood Ahmed, Senior Country Manager UK&I, Extreme Networks