Why Paying The Ransom Isn’t The Answer For Ransomware Victims

By Anastasios Arampatzis | April 7, 2022 | Updated: July 4, 2024 | 5 Mins Read

Increased reliance on multiple cloud environments during the last couple of years and the growing number of employees opting for a hybrid working norm have created numerous opportunities for ransomware gangs to target organizations. As a response to the increasing impact of ransomware attacks, businesses of all sizes are investing in a zero-trust approach to security where digital identities and multi-factor authentication (MFA) play a key role.

The state of the ransomware threat

Ransomware attacks have become more advanced and complex during the past years, evolving from simple malware deployment and extortion to a multi-tiered Ransomware-as-a-Service (RaaS) business model where “service providers” like Initial Access Brokers develop and then sell or rent their services. So-called “double extortion” attacks also heighten the risk, where cybercriminals exfiltrate the data before encryption and ransom demand. All these developments contribute to a more dire threat to organizations.

Research from CyberRisk Alliance indicates that 43% of the surveyed businesses suffered at least one ransomware attack during the past two years (2020 – 2021). 32% believe they cannot prevent ransomware attacks because threat actors are too well-funded and sophisticated.

According to the 2022 Thales Data Threat Report, attacks significantly impacted 43% of the ransomware victims. The impact ranges from hard costs, such as financial losses from penalties, fines, and legal expenses, to softer costs, including lost productivity, recovery costs, and brand reputation.

To pay or not to pay? This is the question

Ransomware attacks are sometimes even worse than the worst-case scenario for which an organization has planned. The data stolen by the ransomware group might be so sensitive or damaging that allowing it to be released would destroy the organization. With all other options exhausted, an organization realizes they may have to pay the ransomware group.

In fact, the percentage of ransomware victims choosing to pay the ransom is higher than you think. The CyberRisk Alliance report findings indicate that 58% of the victims paid a ransom, while 29% found their stolen data on the dark web.

However, paying the ransom might not be the solution to your nightmare. Even if a company pays, there is no guarantee that attackers will return the data or that the decryption key gets data back where it was before the attack. According to a 2021 Sophos report, 92% of these organizations don’t get all their data back, and 29% of them don’t even recover half the encrypted data.

An inconsistent return of the data is not the only reason businesses should refrain from paying the ransom. Federal agencies like CISA and other security professionals stress that paying the ransom does more harm than good. While paying may appear to be a viable option and a quick solution to your problem, there are many reasons why you shouldn’t:

  • Ransomware gangs are encouraged, as the ransoms are funding them
  • Double extortion tactics only escalate the ransom demand
  • Businesses paying the ransom might face future legal issues for funding terrorism

Prevention is better than reaction

Before even discussing the possibility of paying the ransom, businesses should start planning how to reduce the likelihood of being the next victim of a ransomware attack. 

Ransomware business model

The first step is to understand how ransomware gangs operate. These criminals often engage in “Big Game Hunting.” The higher the expectation for service reliability, quality, and trust, the more likely the business will be targeted. For these companies, the impact of disruption on business operations is much more significant than the payout. When an energy or utility grid is compromised, this can lead to blackouts and gridlocks, and when safety mechanisms are breached, the result can be the release of toxic chemicals, oil spills, fires, or explosions.

The problem is exacerbated by the fact that the skills required to execute a ransomware attack have been dramatically reduced. Ransomware-as-a-service models are offering a complete package for potential attackers. Ransomware software packages exist along with millions of stolen access credentials on the dark web that allow people with relatively little technical background to execute ransomware attacks effectively.

Build your defenses – a zero-trust approach

Identity-based access and multi-factor authentication can help reduce the incidence of such attacks. Businesses should be proactive and build capabilities to identify the source of repeated, excessive login attempts and block such attempts. Having this capacity is crucial for detecting and reducing the impact of ransomware attacks.
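One way to implement the detection described above, as an added example that is not part of the original article: a sliding-window count of failed logins per source address, separating one-account hammering from attempts spread across many accounts. The event format, thresholds, addresses and function names are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def _fails(src, users, start, step_s):
    """Build constructed FAIL events for one source, step_s seconds apart."""
    t0 = datetime.fromisoformat(start)
    return [(t0 + timedelta(seconds=i * step_s), src, u, "FAIL")
            for i, u in enumerate(users)]

# Constructed sample events: (timestamp, source IP, username, outcome).
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_EVENTS = (
    _fails("203.0.113.10", ["alice"] * 6, "2022-04-07T09:00:00", 10)    # hammering one account
    + _fails("198.51.100.7", ["alice", "bob", "carol", "dave"],
             "2022-04-07T09:10:00", 40)                                  # one try per account
    + _fails("192.0.2.44", ["erin"] * 2, "2022-04-07T09:20:00", 15)     # user mistyping
    + [(datetime.fromisoformat("2022-04-07T09:21:00"), "192.0.2.44", "erin", "OK")]
    + _fails("192.0.2.80", ["frank"] * 5, "2022-04-07T08:00:00", 1800)  # slow, outside window
)

def find_abusive_sources(events, window=timedelta(minutes=5),
                         max_failures=5, spray_users=4):
    """Return {source_ip: reason} for sources that should be blocked."""
    recent = defaultdict(deque)   # source -> failed (time, user) pairs inside the window
    flagged = {}
    for ts, src, user, outcome in sorted(events):
        if outcome != "FAIL" or src in flagged:
            continue
        q = recent[src]
        q.append((ts, user))
        while ts - q[0][0] > window:      # evict failures older than the window
            q.popleft()
        if len({u for _, u in q}) >= spray_users:
            flagged[src] = "password_spray"
        elif len(q) >= max_failures:
            flagged[src] = "brute_force"
    return flagged

if __name__ == "__main__":
    for src, reason in find_abusive_sources(SAMPLE_EVENTS).items():
        print(f"block {src}: {reason}")
```

The slow source (one failure every 30 minutes) stays under a five-minute window, so a second, longer window or a per-account counter is needed to catch it.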

In line with the recent Executive Order, an Americas Market Owner for IAM said, “Adding identity verification gates (#MFA) in front of every app can not just reduce the chance of getting hit with #ransomware but also limit that damage done.”

One of the most effective ways to prevent ransomware attacks is by adopting zero trust architecture. Built on the principle ‘never trust, always verify,’ a zero trust security strategy would have prevented ransomware attacks like those on Colonial Pipeline and JBS, stopping the ransomware from spreading across operations while keeping them running.

Zero trust isn’t a silver bullet for ransomware either, but it can help create a much more robust security defense against ransomware attacks if implemented well. One of the key pillars of zero trust focuses on user identity and access management. Others include monitoring, detection, and threat inspection capabilities necessary to prevent ransomware attacks and exfiltration of sensitive data. Zero trust frameworks help reduce the attack surface significantly as employees and third parties only have access to the resources they need at a given time.

Zero trust is a strategy that facilitates digital transformation. It needs a commitment from the entire organization and requires a change in mindset, executed with due diligence. However, the bonus is that businesses that implement zero-trust security successfully will be much better placed to combat evolving threats like ransomware and emerge as genuinely cyber-resilient organizations.

Anastasios Arampatzis

Anastasios Arampatzis is a cybersecurity content strategist, writer, and consultant with expertise in cybersecurity, digital identity, and regulatory compliance. Tassos has a strong background in creating thought leadership content, marketing materials, and strategic communications tailored to CISOs, security professionals, and business leaders. He has contributed to various cybersecurity publications and collaborates with organizations to develop compelling, insightful content that addresses industry challenges. He is a privacy advocate and a member of the ISC2 Hellenic Chapter. Before joining Bora, Tassos was a Hellenic Air Force Officer with a solid background in IT and Infosec.


The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
