In an already unpredictable U.S. election season, one of the biggest questions at hand is whether government agencies will be able to protect the vote from ransomware attacks—and it’s far from a sure thing that they will. The Cybersecurity and Infrastructure Security Agency, or CISA, part of the Department of Homeland Security, has already made plays to protect voter registration databases and systems—targets that were compromised by Russian computer hackers during the last presidential election cycle. Connected to the internet, these systems are highly vulnerable not only to theft, but also to the manipulation, disruption, or destruction of voter data. Meanwhile, thousands of ransomware attacks have already struck municipalities across the country, as well as the voting technology contractors they rely on. Additional threats may already be in place, with ransomware pre-deployed and lying in wait to be activated at the most critical moment. Ransomware protection measures struggle to meet the challenge.
This eBook will explore the reasons these attacks have increased so dramatically, and more importantly, how to build a strategy to protect your data and networks against these attacks.
While election-related ransomware attacks will dominate the headlines over the coming months, the rising number of these exploits should set off alarm bells for organizations of all kinds—if they’re not already on high alert. As predicted, 2020 saw a spike in ransomware attacks, with problem after problem striking companies around the world. Driven by converging trends including more connected systems, more sophisticated hacking techniques, the rise of untraceable bitcoin, and perhaps the growing adoption of cyber insurance, ransomware has surged in recent months. For companies already challenged by the COVID-19 pandemic, a cyberattack can be especially crippling, from the limited financial resources available to pay a ransom, to damage caused by operational disruption, to the possibility of further damaging the trust of already-shaken customers.
Cybercriminals increasingly use more advanced techniques to disable cyber defense systems and roam networks freely to zero in on the most sensitive and valuable data. Once the targeted data has been forcibly encrypted, the payment demanded for decryption can be astronomical. According to recent research conducted by the cybersecurity firm Emsisoft, businesses around the world that were victims of ransomware attacks reportedly spent at least 144.2 million
According to cybersecurity response company FireEye Mandiant, at least 100 ransomware incidents worldwide occurred in September 2020 alone—more than double the number from the same month last year. While most were committed by financially motivated cybercriminals, some, such as the notorious WannaCry and NotPetya ransomware attacks of past years, have been traced to foreign governments.
Desperate companies with sufficient resources, such as financial institutions, law firms, and major corporations, may be tempted to pay the demanded ransom in hopes of avoiding greater damage to their business and reputation—especially when a data exfiltration threat increases the pressure. However, doing so can bring steep fines from the U.S. Treasury Department if the hackers behind the cyberattack are already under economic sanctions.
Computer hackers select the targets for ransomware attacks based on a variety of characteristics, including the quality of their ransomware protection measures and the urgency with which they will need to recover their data. In practice, many kinds of organizations can fit this screen, as seen in several of the most recent high-profile incidents.
Often more lightly secured than private sector organizations, and designed for widespread file sharing, university networks are a perennial favorite for ransomware strikes. In one particularly cynical and damaging cyberattack, computer hackers extorted $1.14 million from the University of California, San Francisco after using NetWalker ransomware against systems used in the search for a cure for COVID-19. This was at least the third time the same ransomware had been used against universities in recent months.
Already overburdened healthcare organizations have faced a rising tide of ransomware. In late September 2020, Universal Health Services, a major hospital and health care network operating in the U.S., Puerto Rico, and the U.K., suffered a cyberattack that took down its digital networks and forced some patients to be rerouted to other emergency rooms and facilities. The use of Ryuk malware suggests that the attack was launched by Russian cybercriminals. Earlier the same month, a ransomware attack against University Hospital Düsseldorf in Germany forced ambulances to be rerouted as well, leading to a delay that contributed to the death of a woman in need of urgent care. In a tragic twist, the intended victim of the attack was not the hospital, but its affiliated university. Informed of their error, the hackers ceased their attack and provided the decryption key without payment.
In July 2020, the U.S.-based CWT global travel management company was hit with a demand for $4.5 million after computer hackers encrypted and downloaded data using the Ragnar Locker malware. The attackers claimed to have taken 2 TB of data including business records, financial account information, corporate correspondence, and client data.
In Las Vegas, a public school district preparing for a new school year while adapting to online learning was struck by a ransomware attack targeting sensitive data on its 320,000 students and their families. In many similar cases, schools under extreme time pressure to begin classes have had no choice but to pay quickly. The latest wave of such cyberattacks continues a longtime trend in which municipal services from emergency response to utilities have been targeted by hackers.
While the malware used for ransomware attacks continues to grow in sophistication, the methods used in these attacks are evolving as well.
Formerly the most popular delivery vector for ransomware, phishing had declined in recent years as attackers turned to exploits using remote ports, public-facing servers, and other network vulnerabilities. More recently, email-based cyberattacks are on the rise once again—and gaining increased effectiveness as they adopt subject lines related to coronavirus.
The on-demand economy has transformed cybercrime as well. The widespread availability of ransomware-as-a-service (RaaS) now allows criminals with little or no technological sophistication of their own to launch highly effective ransomware attacks—and take advantage of services such as customer support. Popular examples include Zeppelin, Sodinokibi, and Avaddon malware.
Ransomware attacks are increasingly being launched in tandem with data exfiltration. In these incidents, computer hackers not only encrypt sensitive data of measurable value, such as financial records, intellectual property, and business data, but also remove a copy from the organization. By threatening to sell the stolen data on the black market, hackers can not only increase pressure to pay the ransom but can also ensure a financial return on their efforts even if no payment is made. Ransomware variants such as Maze and DoppelPaymer have been used recently in data exfiltration attacks.
Organizations can make use of a variety of best practices for ransomware protection—and the more they use, the better. In addition to employee education, network monitoring, and access control configuration, it’s important to deploy effective cyber defense technologies to close vulnerabilities and minimize risk.
A dedicated TLS/SSL inspection solution such as A10 Networks Thunder® SSL Insight (SSLi®) can be used to detect encrypted cyberattacks and data breaches by providing full visibility into encrypted traffic, stopping any hidden cyberattacks at the network edge. SSL (Secure Sockets Layer)/TLS (Transport Layer Security) inspection can also play an essential role in enabling a Zero Trust cybersecurity model, which embeds security throughout the environment to offer protection both inside and outside the network perimeter.
Ransomware is one of the greatest threats in today’s cybersecurity landscape—and as cyberattacks grow more serious and difficult to stop, it is likely to remain one. Implementing effective ransomware protection will remain a mission-critical priority for the long term as well.