Last year, ransomware victims paid more than $406 million in cryptocurrency to attackers, according to blockchain trackers Chainanalysis Inc. The actual number may be even higher since many victims chose not to report the attacks to avoid public embarrassment. At the same time, cybercriminals have adopted cryptocurrencies as their preferred payment method because it is easy to execute. That creates a vicious cycle that fuels these criminal activities.
Cyber extortionists are exploiting the very anonymity that’s integrated into the digital ledger system known as blockchain, the foundation of Bitcoin and other digital currencies, as they escalate ongoing malicious ransomware attacks against companies, local governments, schools, and hospitals. This trend is likely to continue well into the future.
IN THE CROSSHAIRS
Ransomware attacks are increasing in frequency, severity, and size, and we don’t see this trend going away any time soon. In fact, the average known ransomware payment more than quadrupled from $12,000 in the last quarter of 2019 to $54,000 in the first quarter of this year, according to Chainanlysis. And the nefarious industry is flourishing, with businesses predicted to pay around $265 billion annually by 2031. That’s a 30% year-over-year increase in the next decade.
And let’s not pretend we’re up against amateurs. Ransomware attackers have become increasingly more strategic and technically adept, often studying their targets for months before making a move. Attackers are expanding their range of targets and operate by taking advantage of much of the same tactics, techniques, and procedures (TTPs) previously only employed by sophisticated nation-state adversaries.
SPENDING SPREE FOR PROTECTION
The broadening impact of ransomware is all the more reason why businesses of all sizes are stocking up on the best security tools available. According to Gartner, global spending on information security and risk management services will reach $150.4 billion this year, up more than 12% from a year ago.
Still, an organization can do everything right, incorporating the best technology on the market while implementing a well-crafted, layered security approach, and still get hit. Your adversary only must be right once, but you must be right 100% of the time. Once attackers penetrate a network, ransomware executes in seconds. Before they get to that point, companies should have good backups so they can retrieve their data and not fall victim to a business crisis and PR nightmare.
Most ransomware attacks start by exploiting human mistakes. They may start with a social engineering attack or a spear-phishing email that somebody clicks. Human error remains the Achilles heel for many companies. Consider that 85% of data breaches involve employee actions, yet some 55% of companies don’t offer mandatory security awareness training. And the organizations that do provide employee training tend to do so sparingly. A recent Mimecast study found that just 6% of companies offer monthly security training sessions while only 4% do so on a quarterly basis. This is an area that’s fixable but one that requires company-wide buy-in (starting in the executive suite).
THE BEST DEFENSE IS…A GOOD DEFENSE
Enterprises can fight ransomware by focusing on security operations as opposed to throwing a plethora of tools at the issue. An operations-based approach should focus on building defenses that are adaptable and continue to get better over time as they fortify every attack surface—the cloud, the endpoint, the network, and the human. In the end, however, it’s not as if there’s a checklist that you can fill out to protect your organization fully from ransomware. Adversaries will continue to change their tactics and the threat landscape will evolve, putting businesses at continued risk. Those businesses, and security leaders, need to evolve too, and continually look to harden their posture against and stay ahead of the increasingly bold and unrelenting ransomware industry.
Cybersecurity, as they say, is a journey and not a destination. It’s up to each of us to keep our head in the game to drive the advantage back to the defender.
Nick Schneider is President and CEO of Arctic Wolf, the market leader in security operations.