Some ransomware attacks aren’t as bad as you think
The commonality and frequency of ransomware attacks can’t be denied. Every day, a ransomware intrusion occurs at some level. For that reason, we’ve painted a serious picture of ransomware, primarily out of necessity. Keeping ransomware in mind when developing the framework of your security architecture is an important piece in mitigating, or stopping, the attack(s).
For this reason, ransomware has gained a nefarious reputation. And why wouldn’t it? It’s responsible for some of the largest cyber-based attacks in recent memory. It circumvents defenses with seemingly complete ease, and the costs are devastating to those impacted. Therefore, one might think all hope is lost if they’re dealing with a ransomware breach. While it’s irresponsible to downplay its severity, the truth is, ransomware attacks can be survived and their impact minimized.
Not all attacks are the same
While the modus operandi of ransomware follows the same rule (target and compromise a network, encrypt valuable data, then demand a ransom), not all ransomware, attackers, and goals are the same. That’s the key difference, and one of the primary factors which can determine the severity of a breach event.
In other words, sure, it’s possible you could be targeted by ransomware operations as clandestine and severe as, say, REvil, but it’s not likely. Moreover, the skill set of the attacker(s) will vary. Remember, ransomware has grown in accessibility and use, making it easier to deploy. That doesn’t mean you’re dealing with dangerous black hat gangs when fending off ransomware, however.
It’s possible you’re filtering out low-tier attacks anyway. Attackers can be a combination of things: some rely on luck, and others are low-skilled and lack the capabilities to breach organizations with powerful cybersecurity resilience. Additionally, other ransomware attackers lack experience with different target types, such as IT models which take advantage of the cloud to back up, store, and move their data.
Take other goals of an attacker into account:
- Some ransomware attacks are looking for network and/or organizational control
- Other ransomware breaches are aimed at specific data to leak, encrypt, and ransom off
“Leak data” attacks will usually involve targeting client data such as employee and customer info (email addresses, for example). Once the data is compromised, attackers will threaten to publicize it, or destroy it (or both). It’s worth noting you can expect them to do so even if a ransom is paid – there’s no reason to assume an “honor system” with ransomware attackers. Pressure is typically applied by broadcasting stolen data in small amounts (or threatening to).
Organization-focused attacks work to rob the target(s) of functionality, usually by seizing the entirety of their systems. Networks that rely on vital services and information, like school and hospital networks, are especially susceptible to this.
How successful is the ransomware strategy?
Despite the complexities and threats present in a ransomware operation, once again, its success is not guaranteed. Several occurrences can prevent a successful ransomware intrusion. Those might include:
- Again, the complexity of defenses causes too much difficulty and/or the attacker(s) lack the competency to breach a network.
- The victim(s) do not pay the ransom demanded, and attackers are forced to switch targets. This is a risky outcome, as it does not guarantee the survival of data, but it can dissuade ransomware attackers further.
That isn’t true in all cases, though, and it shouldn’t be assumed as such. Ransomware is still a widely successful method for targeting networks. That said, it’s important to frame ransomware as something which can be dealt with and survived, versus a malicious giant that can’t be felled.
With these considerations, it’s good to double back and take a quick survey of your recovery abilities, BDR plans, and overall cybersecurity resiliency.