Ransomware Barometer 2022 Update
Massive hacks, data breaches, digital scams, and ransomware assaults continued apace during the first half of this challenging year, making the first six months of 2022 seem interminable or fleeting — or both. With the Covid-19 pandemic, economic insecurity, geopolitical instability, and severe human rights issues raging around the world, cybersecurity vulnerabilities and digital attacks have revealed themselves to be deeply ingrained in all areas of daily life.
Cybercriminals could now subscribe to “Ransomware-as-a-Service” companies, which allow them to use pre-developed ransomware tools to carry out attacks in exchange for a share of all successful ransom payments. Because of the development of RaaS, ransomware attacks are now substantially more economical for small-time hackers, resulting in an increase in the number of ransomware attacks. The increasing sophistication of hackers is outpacing the adoption of new protections in all industries.
As the number of high-profile attacks has increased in 2022, ransomware groups have grown more confident, with targets ranging from gas pipelines to health care, food companies, and more. Ransomware strains, like the COVID-19 virus, never cease adapting and often get more dangerous over time. Furthermore, many new Ransomware-as-a-Service (RaaS) gangs have emerged this year, including Mindware, Onyx, and Black Basta, as well as the resurgence of one of the world’s most destructive ransomware groups, REvil.
Costa Rica has made headlines in recent months, particularly when President Rodrigo Chaves Robles announced a nationwide state of emergency. When President Rodrigo Chaves Robles took office as Costa Rica’s newly elected president on May 8th, he declared a nationwide state of emergency. The news came after the country’s month-long battle with ransomware attacks, which have badly damaged the economy and prompted Chaves’ declaration. At the time, it was believed that the country’s economic stagnation was costing it at least $38 million every day.
Tools and utilities for storing, exchanging, and otherwise handling cryptocurrency have emerged at a breakneck pace as the ecosystem has evolved. However, such quick expansion has resulted in a number of oversights and blunders. And cybercriminals have pounced on these blunders, frequently stealing large amounts of cryptocurrencies worth tens or hundreds of millions of dollars. For example, at the end of March, North Korea’s Lazarus Group stole $540 million in Ethereum and USDC stablecoin via the popular Ronin blockchain “bridge.” Meanwhile, in February, attackers used a bug in the Wormhole bridge to steal $321 million in Wormhole’s Ethereum variant. In April, attackers targeted the stablecoin protocol Beanstalk, obtaining a “flash loan” to steal around $182 million in bitcoin at the time.
Ransomware has increased in popularity among cybercriminals, who have refined their business models and techniques, reducing access barriers and making attacks simpler to carry out. Criminals with no technical understanding may now execute ransomware cyberattacks for as low as $40 per month by subscribing Ransomware-as-a-Service and using bitcoin to help them avoid detection. In recent years, there has been an increase in the use of ‘double extortion’ techniques, in which cybercriminals combine initial data encryption with a secondary form of extortion, such as the threat to expose sensitive or personal data. Hackers will also try to encrypt or erase backup files, making restoration and recovery more difficult or impossible. An alarming new trend has seen attackers harass staff in order to get access to networks, as well as go directly to corporate officials in order to demand ransoms.
Depth of your Data
Understanding what data your company collects and manages and the access permissions that particular parties have to it is a critical step in limiting the damage caused by a ransomware attack.
Trina L. Glass, a shareholder, and member of Stark & Stark’s Investment Management & Securities Group recommend that companies inventory their data to determine who has access to what information. “Prior to implementing controls and procedures to help prevent or mitigate a firm’s risk of a ransomware attack, the firm should first understand what data it collects, where the data resides, and who has access to the data,” Glass says, adding that firms should also take steps to reduce copies of the sensitive firm and client data.
Businesses must implement various basic IT/OT security procedures to prevent malware disruptions, including:
· establishing security practices and standards
· segmenting flat network with defense in depth without agents
· ensuring that software patches and virus protections are up to date
· providing proactive system protection such as firewalls
· encrypting data and implementing two-factor authentication
What to do in the event of an incident
Some cyberattacks are inevitable but having an effective recovery plan in place will reduce your damage. Early discovery and prompt intervention are critical for company continuity. Costa Rica exemplifies what occurs when organizations of all types, whether government or private, overlook the necessity of readiness in the context of digital disasters. A cybersecurity solution investment is an investment in an organization’s ability to manage its assets and recover from disasters that disrupt its operations and systems.
Most companies will already have a crisis playbook in place that would probably cause the lock-down procedures for the firm to be initiated should a ransomware incident occur. Soon after the incident is discovered, there will likely be a forensic investigation of how the danger was created.
Understanding what information and systems were hacked, and how and when that occurred, is necessary for this response. A strong offense is the strongest defense against possible ransomware threats. Updated policies and procedures that provide employees and outside parties with system access with clear guidelines, routine training and testing to fortify your systems against attacks and an active crisis-management plan that can be validated against known and emerging digital threats are all ways that businesses can achieve this.
Airgap Networks is the only agentless solution that stops ransomware from lateral propagation. Innovative network segmentation down to a single endpoint, coupled with zero-trust identity-based access control stops malware cold. Proven to protect high value assets in Manufacturing, Healthcare, and Critical Infrastructure, the solution is the easiest to implement and manage.
If you are interested in getting updates on Ransomware protection using agentless segmentation, visit https://airgap.io/ransomware-protection or schedule a Ransomware Kill Switch demo https://airgap.io/forms/schedule-a-demo.