Cybersecurity 2020: The Danger of Ransomware

Ransomware tops the list of cybersecurity threats for 2020.

While there have been efforts to convince individuals, corporations and municipalities not to pay ransoms,
the simple fact is that whenever one is paid, the attack becomes a
success that encourages cyberthieves to try again.

Ransomware attacks increased 18 percent in 2019, up from an average 12
percent increase over the past five years, according to research from cyber risk insurance firm
Chubb. It accounted for 40 percent of all manufacturers’
cyber claims, and for 23 percent of cyber claims for smaller businesses last year.

“Ransomware has not only continued to grow over the years, but it has
also attracted more organized criminals who have begun targeting
specific industries,” said Javvad Malik, security awareness advocate at
KnowBe4.

That “has not only increased successful infections, but has also made criminals more brazen
in the demands they’ve been making,” he told TechNewsWorld.

Easy Prevention

One irony of ransomware is that it remains among the easiest threats
to control. Prevention would be effective if users would refrain from going to
untrusted websites or from opening suspicious email attachments.

“Ransomware will continue to be an issue until such time that a
preventative measure can be found or every user can be educated well
enough to not open files from unknown sources,” said Tom Thomas,
adjunct faculty member in Tulane University’s
Online Master of Professional Studies in Cybersecurity Management program.

Ransomare is particularly nefarious because of its broad targets: individuals, businesses, government agencies and cities. The number of ransomware attacks increased in 2019 — but worse, 22 of those cyberattacks shut down city,
county and even state government computer systems.

If it can’t be stopped, the next best option is to make it less
profitable. As a result of the attacks on municipalities, more than
225 U.S. mayors last summer signed a resolution at the U.S. Conference of
Mayors, pledging not to pay the hackers.

“Ransomware does not judge nor care if you are an individual,
government or organization. It’s about greed — and let’s be honest,
organizations have more money than individuals,” Thomas told
TechNewsWorld.

“The mayors’ pledge is so much political maneuvering and sound bites. Their pledge means nothing to threat actors and criminals,” he added.

Those pledges are not the end of the story — they are just the beginning, said KnowBe4’s Malik.

“Like an animal that acquires the taste of human flesh after its first
kill, the rise and success of ransomware has given cybercriminals the
taste of data,” he remarked.

A pressing concern is what those criminals might do with the data.

“It will be common to see ransomware coupled with threats of data
exposure as ransomware strains developers and expands on new methods
to demand payment,” predicted Erich Kron, security awareness advocate at
KnowBe4.

“We have seen these threats for years; however, data exposure has
already happened late in 2019 and will become a common practice in
2020 for those who don’t pay,” he told TechNewsWorld.

A King’s Ransom

City leaders may have more leverage in deciding not to pay a
ransom than businesses, many of which have succumbed. For some companies, ransomware payouts now are factored in as an added cost of doing business.

“From the perspective of a business owner of any size, ransomware is
a frightening proposition. Imagine all of the endpoints in an
organization failing in a few hours,” warned Jason Kent, hacker in
residence at
Cequence Security.

“Given that most organizations have difficulty doing the basics,
knowing their assets, knowing if these assets are secured and patched,
backing up data, etc. — the rise of ransomware in the next few years
will be most likely a foregone conclusion,” he told TechNewsWorld.

“If we look at the organizations that have been hit with ransomware,
the recovery process was painful and took huge amounts of effort to
get back online,” Kent added. “If we are to make it through 2020 with
our systems intact, we have to watch out for the ever-changing threat
landscape.”

Wipe Out

Although not new, the very sinister “wiper
worms” threat, which first appeared as a new form of malware in spring of
2018, could be on the rise. Wiper worms, which can be very sophisticated programs,
generally have three targets: files/data, the boot section of a
computer’s operating system; and system and data backups.

“While not as common as ransomware, this type of malware is a major
risk because of the devastating outcomes of such attacks,” said
Yaron Kassner, CTO of security firm
Silverfort.

One significant concern is that a wiper could be deployed on a
network, and instead of merely locking out a user, it could be function
much like an even more insidious form of ransomware.

“I see wiper worms as one of the top cyberthreats for 2020,” Kassner
told TechNewsWorld.

Those hit by such an infection may not even be able to rely on
backups, which also are infected. If users restore data compromised
by the worm, that doesn’t resolve the problem, as each resoration attempt only replicates the problem.

“Once attackers have a foothold, it’s easier for them to encrypt data
for ransom than to exfiltrate data to sell on the dark Web,” noted
Willy Leichter, vice president at
Virsec.

“Cryptocurrencies now make it easy for criminals to monetize
attacks anonymously,” he told TechNewsWorld. “Recent attacks
have encrypted data and threatened to expose it publicly if the victim
doesn’t pay up. While this is probably a bluff, it raises the
perceived stakes for victims, increasing their desperation and
willingness to pay.”

Recovering Efforts Lacking

Another troubling component of ransomware and wiperware is the effort required to recover from such an attack.
Few businesses have a strategy in place should such an attack occur.

“According to a recent Forrester report, most businesses are in denial
about their ability to recover from such an attack,” said Sean Beuby,
chief architect at
Semperis.

“Seventy-seven percent are confident or very confident, but only 21
percent have contingency plans in place, and less than half that — 11
percent — believed they could recover within three days of an attack,”
he told TechNewsWorld.

“Organizations must take a clear-eyed, hard look at how unprepared
they are for a denial-of-availability malware attack and reshuffle
their priorities accordingly,” Beuby added. “Ransomware and other
wiperware is unprecedented in its ability to lay waste to a corporate
network without regard to physical location: NotPetya permanently
encrypted 55,000 Maersk servers and other devices around the world in
7 minutes.”


Peter Suciu has been an ECT News Network reporter since 2012. His areas of focus include cybersecurity, mobile phones, displays, streaming media, pay TV and autonomous vehicles. He has written and edited for numerous publications and websites, including Newsweek, Wired and FoxNews.com.
Email Peter.

source: technewsworld.com