51% of organizations don’t have a formal ransomware plan – are you one of them?
The recent Thales Data Threat Report 2023 revealed that 51% of organizations do not have a formal ransomware plan.
It also highlighted human error as a primary cause of data breaches, the growing importance of digital sovereignty and the challenges faced in securing multicloud environments.
In addition, it revealed that 49% of IT professionals reported an increase in ransomware attacks, and 22% of organizations have experienced this criminal action in the last 12 months.
Ransomware paralyzes business operations and blocks access to critical data until the attack is resolved – a major threat to organizations in terms of cost and reputation.
In addition to existing perimeter controls, a data-centric approach is needed to protect critical data from encryption by unauthorized processes.
Undoubtedly, as technology advances, attacks become more sophisticated. One example is Generative Artificial Intelligence (AI), which is used to increase the volume and success rate of these attacks.
So the scenario we are experiencing in the digital age is still going to change a lot in every way: the way we surf the internet, use applications and protect customer data and, above all, our perspective on cybersecurity.
So we have a long way to go to make this switch: from a reactive attitude to a proactive one, using specialized tools in strategies for detecting and responding to cyber threats, identity and access management, training and raising employee awareness.
We want you to start by thinking about these issues:
- Why doesn’t my company have a team to take care of data and digital security?
- How many times have you checked that your company’s digital world is safe?
- If a cybercriminal now wanted to use ransomware against your company, would they be able to?
This article is a wake-up call for you. It also offers a solution to strategically prepare against ransomware attacks.
The crucial question for a company is not whether it could be the target of an attack, but when it will inevitably happen and whether the company will be prepared to mitigate the damage of that attack. That's why it's important to have a robust response plan to quickly mitigate the damage when that day comes.
With the constant speed of technological progress, perimeter security measures alone are no longer effective. This is where the importance of cryptography comes to the fore, acting as a powerful shield in the last line of cyber defense. It is in this scenario that CipherTrust Transparent Encryption becomes a vital component, bringing the power of encryption and playing an essential role in mitigating the potential damage of a cyber attack.
What is ransomware?
Let’s revisit the concept behind this attack. The name comes from the English word “ransom”: the main feature is that the computer is locked and a ransom must be paid to unlock it.
Thus, ransomware is malicious software (a type of malware) that accesses the device to steal data and information on the entire operating system or just a few files. How much is stolen depends on the criminal’s intention.
As we mentioned above about AI, advanced algorithms have been used in these attacks precisely to identify all the characteristics of the target: for example, how much is available in the bank account, which sets the extortion amount to be demanded, among other specific vulnerabilities in networks and systems.
What has caught the attention of cybersecurity experts is the extent to which criminals are updating their tactics and technologies, while companies are not reinforcing their defenses with innovative technological solutions at the same pace.
What are the types of ransomware?
There are two main categories of ransomware: blocking and encryption. Check out the difference between them:
Blocking ransomware:
This type of ransomware prevents users from performing basic computer functions. For example, access to the desktop can be denied, while mouse and keyboard functions are partially disabled.
This way, you can still interact with the window that displays the ransom note. Blocking ransomware doesn’t target critical files; it just renders the entire system inoperable. So the probability of file destruction is low.
Encryption ransomware:
The aim is to encrypt your documents, such as photos, videos and audio. But the computer’s functions will not change. Generally, this can cause more panic because users can’t view the documents and don’t know how criminals can take advantage of the content.
Sometimes there is a countdown to the ransom payment: “You have until x date to make the payment or your files will be deleted.”
Due to a lack of awareness about the importance of making backups in cloud storage services or on external devices, many victims pay the ransom to recover their data.
Ransomware: Current Scenario
Akira Gang
Did you know that the Akira gang, formed in 2023, has already obtained more than US$42 million in ransom payments from more than 250 victims around the world?
They were private and government companies in various sectors, including real estate, finance and education.
According to the FBI, the gang demands ransoms ranging from $200,000 to several million dollars. The group developed and deployed a Linux encryptor targeting VMware ESXi virtual machines, which are in use in many companies and government agencies.
The first versions were developed in C++; more recent versions are written in Rust and use a .poweranges extension for encrypted files.
Among the latest targets of the ransomware were Stanford University and Nissan’s subsidiary in Oceania.
Junk Gun
Don’t think that only large companies can suffer this attack. There are now variants that target small and medium-sized enterprises (SMEs), such as Junk Gun.
Junk Gun is a type of low-quality ransomware that has been gaining ground on the dark web. This option is produced independently and is less sophisticated. In addition, it is sold at a single price, which makes it an opportunity for cybercriminals to target SMEs and users.
This is quite different from the traditional affiliate-based ransomware-as-a-service (RaaS) model that dominated the market for a decade. However, some of these ecosystems have disappeared and other affiliates have expressed their dissatisfaction with the RaaS profit system.
The average price of these Junk Gun variants is US$375, cheaper than a RaaS which costs around US$1,000. The selling points are that the product needs little support infrastructure to operate and that users are not obliged to share their profits with the creators of the scam.
AI
Artificial Intelligence has brought innovation to all fields, including ransomware attacks. With this technology, cybercriminals are able to customize their crimes. In other words, they adapt their approaches to the characteristics and weaknesses of each target without wasting time.
In addition, AI is used to automate part of the attack process. The attacks are therefore faster and more efficient, increasing the impact and scalability of these operations.
Sequoia, a large logistics company, used CipherTrust Transparent Encryption to protect its data against ransomware attacks.
Stages of a ransomware attack
Initial infection
Ransomware enters the system via phishing emails, compromised websites or software vulnerabilities.
Post-exploitation
After access, attackers can use tools such as RATs or malware to establish interactive access.
Understand and Expand
Attackers exploit the system to find access to other domains and systems, a technique called lateral movement.
Collection and exfiltration
Attackers identify valuable data to steal (login credentials, customers’ personal information and intellectual property). They usually download or export a copy.
Implementation and sending of ransom
Ransomware encrypts files and disables restore features, demanding payment in cryptocurrency in exchange for the decryption key, usually communicating this via a ransom note.
How to protect yourself from ransomware?
Yes, it is possible to protect your company from these criminal actions. We have practical and valuable tips as well as a tool that
Awareness and Training:
Educate employees about the dangers of ransomware, how to recognize and report possible threats. Train them in good cybersecurity practices, such as not clicking on suspicious links or opening attachments from unknown emails.
Updates and Patches:
Keep all operating systems, applications and programs up to date with the latest security patches. This helps to fix known vulnerabilities that hackers can exploit.
Firewalls and Antivirus:
Install and keep firewalls and antivirus software up to date on all devices. This way, they can help detect and block ransomware threats before they become a problem.
Email and content filtering:
Use email filters and web gateway security solutions to block phishing emails and malicious websites that can distribute ransomware.
Privilege restrictions:
Implement the “principle of least privilege”, ensuring that users only have the permissions they need to perform their duties. This reduces the impact of a ransomware attack by limiting the malware’s ability to spread through the network.
Regular Backup and Secure Storage:
Make regular backups of all important data and store them in secure locations, disconnected from the network where possible. This allows data to be restored without paying the ransom in the event of a successful ransomware attack.
Incident Response Plan:
Develop and test an incident response plan that includes clear procedures for dealing with ransomware attacks. This helps minimize downtime and the impact should an incident occur.
Network Monitoring and Suspicious Activity:
Implement network and behavior monitoring systems to detect suspicious activity or unusual patterns that could indicate an attack in progress.
Layered Security:
Use a layered approach to cybersecurity, combining different technologies and defense strategies to protect against various threats, including ransomware.
Disaster Recovery Planning:
Have a comprehensive disaster recovery plan that includes procedures for restoring systems and data after a ransomware attack, thus minimizing the impact on business.
Protection against ransomware
Eval is an official reseller of Thales, which provides companies with data security and access management solutions to mitigate ransomware attacks.
Data security and access management solutions provide the most essential components of the cybersecurity framework to protect organizations against ransomware:
- Discover sensitive data and classify it according to risk.
- Implement robust identity and access management controls.
- Protect and control sensitive data at rest and in transit through encryption and tokenization.
Thales solutions against ransomware attacks
- The ransomware protection of CipherTrust Transparent Encryption is specifically designed to monitor ransomware activity in order to stop malicious processes.
- Protect data at rest from ransomware attacks with the CipherTrust Data Security Platform.
- Implement strong authentication, access and identity management with SafeNet Trusted Access.
- Identify and classify vulnerable sensitive data across the entire hybrid IT infrastructure with CipherTrust Data Discovery and Classification.
- Protect data in transit with Thales High Speed Encryptors and ensure the security of data in motion.