Express Computer
Home  »  Guest Blogs  »  Is the era of Ransomware coming to an end?

Is the era of Ransomware coming to an end?

0 128

By Sundar Balasubramanian, Managing Director, India and SAARC, Check Point Software Technologies

Regarding ransomware, there’s a big misconception in the industry. The conventional wisdom is that ransomware threats will escalate and that we will continue to battle them in perpetuity. However, while millions of ransomware attacks continue to occur annually, last year, ransomware threats actually declined by several percentage points, and more recently, in October of this year, the number of ransomware attacks across several critical infrastructure sectors dipped.

Check Point Software Technologies has found that one in 34 companies globally have experienced an attempted ransomware attack in the first three quarters of 2023, an increase of 4% over last year. In 2022, ransomware incidents in India experienced a 53% increase compared to the previous year, as reported by the Indian Computer Emergency Response Team (CERT-In).

Lockbit emerged as the predominant ransomware variant in India, with Makop and DJVU/Stop ransomware following closely. Notably, 2022 witnessed the emergence of new variants like Vice Society and BlueSky, the same report stated. The primary targets for Makop and Phobos Ransomware families were medium and small organizations, whereas Djvu/Stop variants remained prominent in attacks targeting individuals. The majority of these attacks appear to result from organizations and individuals neglecting to update patches for known vulnerabilities.

It is a possibility that ransomware is going to die out; it’s about to become extinct – maybe not tomorrow, but within the next few years. What I don’t mean to say, however, is that the global situation will calm down completely and that companies can relax. The war is far from over, but the dynamics are changing. That’s because ransomware gangs have started to shift gears and are focusing on exfiltration of data, and not destruction and chaos. Here’s why:

Rationale for ransomware’s recess

Succeeding against today’s cyber security infrastructure isn’t as easy as it once was. In the cat-and-mouse game that is deployment of threats and development of fresh defenses on the part of cyber security firms, the latter group is winning. Defenses have advanced significantly.

At Check Point, we advocate for a stacked prevention-first approach, and we advocate for this because of very strong reasoning. Point products in isolation work to some extent, but cause complexity and will not offer the same joint visibility as technological defense layers, where individual controls work in harmony with each other. Also, the application of artificial intelligence in conjunction with machine learning or deep-learning algorithms has caused significant advancements on the defender’s side.

As a result, cyber criminals need to continuously create new attack methodologies, in a potentially endless and exhausting cycle. The hackers may only hold out for so long, eventually losing interest in ransomware in favor of simpler and equally lucrative cyber schemes. After all, running attack ops costs money, and if your return-on-invest laterally moves farther out, the business case simply does not make sense any longer. The principals of economics apply for both sides, and this becomes evident in such examples where hacking groups simply give up on their traditional approaches and venture off to new ones. And these ventures explicitly include stealing and selling data.

The recent case of a hacking group calling on a successfully hacked victim by contacting the U.S. Securities and Exchange Commission (SEC) for help goes to show that we have a much different dynamic out there now than previously: Companies seem to not disclose attacks, so the gangs do that on their behalf. Not on the usual darknet wall of shame boards, but by calling the regulators. If this is new for you, let me explain…

Ransomware attackers’ desperation

In the aforementioned example, the ransomware group known by the moniker Alphv and/or BlackCat disrupted digital systems that belonged to a small California-based company. The hackers stole data.

In an apparent attempt to pressure the company to provide ransom payment in exchange for the data, the hackers seem to have filed a complaint with the SEC for failing to disclose the breach within four business days, as newly required by law. The chutzpah (and desperation)!

Ironically, the new SEC breach disclosure rules will not actually take effect until mid-December, thus the hackers may have indeed been a bit over-zealous in their approach (if not wholly out-of-line).

With GDPR, we have similar laws in Europe, although no similar example has surfaced yet, where the perpetrators tried something comparable with a national data protection officer.

Simple tricks to stay out of trouble

As noted earlier, I predict that more traditional ransomware approaches are going to extinguish themselves. Ransomware groups will precipitate their own demise, as running the infrastructure is costly. Thus, they now almost exclusively come for a quick cash-out. The case of MGM has shown the speed at which the teams are operating. The end game is clear as day: getting access to corporate data, and then pressing for ransom in exchange for non-disclosure.

To make it hard for them to succeed, certain measures must be applied.

I worked in the encryption business many years ago at a company called Utimaco Safeware. Back then, we already told our clients to employ encryption to prevent stolen data from falling into the wrong hands. This wisdom holds true today more than ever. And while this sounds banal to you perhaps, a lot of companies do not practice proper cyber hygiene yet.

Therefore, I am including a few basic tips to help increase resilience against exfiltration of data. Here’s what I recommend moving forward with:

· Focusing on encryption of your data at-rest and while in transit; doing so will render it nearly impossible for cyber criminals to rifle through the data and later sell them.

· Encryption of backups; doing so prevents attackers from traveling back in time to reach target, and you would be surprised how often unprotected backups are the first go to point for attackers.

· Having dedicated key management for cloud-based data repositories; doing so helps with controlling 3rd party (SaaS provider) lump risks.

· Ensuring that you have adequate endpoint hygiene; have encryption on disks, have identity access management done properly. Doing this will help in minimizing identify misuse, which in turn might open a door via privileged access.

Further thoughts

OK, ransomware might not go extinct in entirety. But the dynamics are changing. And while the bad guys will continue to be successful in some cases, in adhering to the above points, you can make their lives much harder and perhaps scare them off completely.

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image