A problematic trend continues in the fight against ransomware gangs
In the United States, both the FBI and CISA strongly discourage paying ransomware gangs. Conceding to their demands, they say, only encourages hackers and threat parties to continue to engage in malicious activity. But such a decision is easier said than done. When faced with a critical decision, 83 percent of respondents from a conducted survey declared they had no choice but to pay the demanded ransom.
Thycotic created an extensive ransomware attack report for 2021, surveying various IT organizations and teams in the process. From those IT teams, they conducted a survey, and found that of the 300 IT-based orgs, 83 percent paid a ransom.
Beyond that, the report also found associated costs elsewhere. Because of the increased cybersecurity attacks and ransomware threats, organizations were forced to expand their budgets. Allocation for ransomware defense and special cybersecurity budgets are part of the figures, highlighting an increase to cybersecurity costs as a whole. Beyond that, some were faced with hard decisions post-ransomware attacks and payout, such as laying off employees and customer loss.
If the concept of ransomware doesn’t bother you, the sheer costs associated with it should. Even after paying a ransom, an enterprise can still pay for the breach in various ways, such as demonstrated in the report.
Intrusion vectors
If you follow ransomware threads and intrusion approaches, how the breaches occurred will not surprise you. From the surveyed teams, ransomware was most effective through email. 53% of breaches occurred from phishing messages, a common threat tactic. Following that, cloud (38%) and software applications (41%) were part of breach causes.
A reason for the destructive ransomware damage is freeform movement within a network. “Lateral movement” it’s also called determines where a user can navigate within a VPN, accessed files, and records, to name a few things. IT teams are relying on an outward “moat” defense to keep attackers at bay, without adopting a stronger internal posture.
Another issue, of course, is the processed payouts to threat actors. When ransomware gangs know there’s a guaranteed payout, they’ll continue to enhance and embolden their efforts.
Pay the ransom or no?
There’s a swath of criticism towards the “never pay” mantra regarding ransomware demands. At Bytagig, we’ve discussed the human cost associated with ransomware breaches. Today, threat actors amplify what’s at stake if their demands aren’t met, from threatening to destroy data to outright publishing it and exposing confidential records.
Therefore, any enterprise, business or no, simply cannot afford to ignore the demands of attackers. And, as trends show, it doesn’t dissuade attackers, who still have hundreds of thousands of targets to choose from. Furthermore, refusing to pay a ransom will not guarantee hackers will cooperate or act in good faith (and why would you expect them to?). Additionally, there’s a concentrated effort to protect and recover data, even in the event of a breach, while new guideline models help educate people on best information protection practices.
Still, what this demonstrates is that ransomware gangs are successful, and that new strategies and defenses will be necessary in the coming years.
