Mercedes Cardona is an editorial consultant and founder of Commerce and Reads. She is a veteran journalist who has worked for media organisations like The Economist Group, The Associated Press and Crain Communications. Her work has appeared in publications worldwide including USA Today, The Huffington Post, and many others.
Ransomware returns with a new twist: pay up or we’ll publish
In May this year, hackers broke into a celebrity law firm’s network, stole confidential documents related to star clients, and threatened to publicly release the data unless the firm paid a record-setting $21 million ransom. When the demand wasn’t met, the hackers published Lady Gaga’s files and doubled the ransom, threatening to release other data.
After something of a lull, ransomware has once again risen in importance as a prevalent and serious threat. And in a new wrinkle, hackers are increasingly stealing sensitive information and extorting organisations with threats to tell all.
A pandemic of ransomware
Among organisations surveyed for Mimecast’s State of Email Security 2020, 51% said they had suffered a ransomware attack that impacted business operations during the past 12 months, suffering an average of three days of downtime.
Adding to the problem: with a growing number of employees working from home during the COVID-19 pandemic, hackers have new opportunities to prey on users—although during the early stages of the pandemic this year, many attackers focused on tactics that were even easier to execute than ransomware, such as credential-stealing phishing emails.
A growing number of cyberattacks in late 2019, using Emotet “malware-as-service”, pointed to a likely increase in ransomware attacks this year. That prediction has been borne out in recent attacks, the hackers are more often demanding money in exchange for not releasing private information. The currency exchange firm Travelex reportedly paid $2.3 million in Bitcoin after a New Years’ Eve attack in which hackers encrypted and claimed to have exfiltrated 5GB of its data.
Attacks are larger and more sophisticated
As studies have pointed out, some recent attacks are larger and more sophisticated. Executives at IT company Cognizant, which suffered a ransomware attack in the first quarter, said it will eventually cost the company $50 million to $70 million in cleanup costs and lost business during the second quarter of 2020, and further costs beyond.
“Ransomware attacks are becoming all too frequent across industries,” CEO Brian Humphries told analysts. “Nobody wants to deal with a ransomware attack. I personally don't believe anybody is truly impervious to it, but the difference is how you manage it. We are using this experience as an opportunity to refresh and strengthen our approach to security.”
Protecting the organisation against ransomware
Securing against ransomware requires a combination of technology and awareness training, says Kiri Addison, Mimecast’s Head of Data Science for Threat Intelligence & Overwatch. One of the easiest ways to protect against ransomware is the simplest: don’t click on the suspect attachment or link in email messages. A Mimecast survey of healthcare breaches found 90% had faced an email-borne attack last year; the most common attacks involved malicious URLs and phishing.
Training employees to treat email carefully is the first line of security because a single human error is all it takes for malware to get into your network. Recent Mimecast analysis found that awareness training can be extremely effective in reducing unsafe behaviour: employees who don’t receive awareness training are more than 5x as likely to click on suspicious links. “Awareness training around these kinds of scams is a big part of security because human error is a factor,” Addison said.
In addition, email security technology can be used to scan for malicious malware attachments and links in incoming emails. Even if an employee downloads malware in error, advanced email security can prevent it from spreading through the organisation in internal email or being distributed in outgoing emails to customers.
The bottom line
Ransomware is a key element in the rise in cyber threats surrounding the COVID-19 pandemic. And increasingly, hackers are not only locking up confidential data but also threatening to publish it online unless the ransom is paid. A combination of awareness education, technology and the right cybersecurity hygiene can be used to protect against the threat.
This article was originally published on Mimecast’s blog and has been reshared with permission.