The cyber security experts from the UK, US, and Australia have issued a joint alert about the “growing wave of increasingly sophisticated ransomware attacks” which could have “devastating consequences”.
The wave of ransomware across critical sectors including health, education, financial services and energy makes clear that cyber criminals have upped the ante—and attacks have gone into stealth mode. The nature of ransomware has become so destructive that it has now prompted Britain, the United States and Australia to release a rare joint alert.
“Ransomware has become so effective that many organisations have simply paid ransom, sometimes to the tune of thousands of dollars. To reduce the risk of ransomware, organisations across all sectors must implement multiple security controls. This should be a standard best practice for cyber security and will also reduce the risk of other malicious malware threats.
Security experts will continue to miss the mark with ransomware protection. Security experts continue to tout increased perimeter defense as the catch all for ransomware protection.
However, businesses that experienced an attack had perimeter defenses in place and ransomware still managed to get in and organizations that were penetrated through phishing emails had conducted anti-phishing training for employees. The threat of ransomware will only continue to rise and this alert only confirms that. It is now a matter of “if,” not “when,” an attack will occur. Given these realities, more organizations will recognize the need to protect data at the storage layer with an immutable backup copy, ultimately ensuring they can recover quickly from an attack without having to pay ransom.
The latest wave of cyberattacks is a powerful reminder of their increasing sophistication. Driven by the pandemic and unprecedented digital transformation, in our heightened cyber threat landscape there has been a significant target shift. Cybercriminals aren’t just coming for governments, large scale enterprises and critical infrastructure, individuals and SMBs are on their radar too. The message is clear – everyone at every level needs to be prepared.
The good news is that when it comes to cybersecurity, there are proactive things you can do to protect yourself.
When you receive an alert that there may have been a breach, there are three steps to take. Firstly, you should always change your account password. Leaked passwords are usually sold on the dark web or added to databases that hackers use to crack passwords. Changing a breached password ensures hackers can\’t log in to your account. If you were using the same password for other web accounts, those need to be changed immediately too.
Secondly, consider using a password manager which can help create and store strong passwords, then enter your credentials when you return to a website to log in. Some can also help you keep an eye out for suspicious activity involving your personal information on the Dark Web so you can take action accordingly.
Thirdly, use two-factor authentication to make your accounts more secure. This is when you use an app to generate a code or get a notification on your device and helps to prove the person logging into the account is who they say they are. Any unauthorised access therefore gets shut down in real-time.
The Joint Cyber Security Advisory confirms that we are now all facing an increased level of risk associated with the threats presented by ransomware. It stands to reason that so long as ransom payments are being made, we can expect this now highly sophisticated industry to continue to grow. With the emergence of highly professional Ransomware as a Service (RaaS) operators, the barrier to entry for criminals has never been lower. Notably, the advisory highlights the importance of AI enabled network detection capabilities and their ability to detect and mitigate ransomware attacks early in the attack phase before encryption occurs.
Much of what\’s in the CISA’s report reads as a continuation of attacks from recent years, with a focus on stolen RDP credentials and phishing to gain a foothold in the network as well as targeting MSPs to potentially compromise several targets at once. The shift away from so-called \”big-game\” targets to smaller entities because of generating too much heat from major ransomware outbreaks could spell trouble for SMEs, as ransomware groups redouble their efforts on organisations which may not have the security budget to withstand sustained, aggressive attacks.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics