Why businesses must focus on ransomware

The changing nature of ransomware attacks on businesses will continue through 2023.

The Australian Cyber Security Centre’s (ACSC) Annual Cyber Threat Report highlighted that over the past year, 447 ransomware cyber crimes were reported. Ransomware was also significantly underreported, especially by victims who choose to pay a ransom, which indicated that this number, in reality, is even higher.

Splunk SURGe staff security strategist Shannon Davis said new developments like the success of law enforcement crackdowns on ransomware, changing government regulations, international sanctions, and the looming regulation of cryptocurrency would force cybercriminals to adapt ransomware strategies – both to overcome new challenges and take advantage of new opportunities.

Traditionally, ransomware groups targeting businesses have preyed on industries where uptime is crucial and even an hour lost to a payload that encrypts files or halts production can be prohibitively expensive. But some adversary groups are finding success without ever deploying a payload.

Mr Davis said ransomware actors were now moving straight to extortion. 

“As ransomware has proven successful, criminals are going to keep innovating and using it. It’s safe to assume it’s here to stay because, as we’ve seen from recent examples, ransomware works,” Mr Davis said.

“In the coming year, it can be expected that ransomware actors will skip encryption, move straight to extortion, and will act on their word to release data if their demands are not met. 

“Similar to what we’ve seen with recent incidents a few months ago, when an organisation was contacted by the hackers with an attempt to negotiate a ransom, they publicly refused to bend to these demands, believing payment would encourage the criminals to directly extort customers. Upon this refusal to pay, the hackers began to release files on the dark web, including sensitive customer data.”

A situation like that has not only a huge impact on the organisation and its reputation but also exposes customers who trust them with extremely sensitive information, according to Mr Davis.

“While ransomware groups are not known for widespread data monetisation, it’s an established underground industry which these groups are primed to enter as brokers for other cybercriminals – maximising profit while minimising exposure,” he said.

“On the other hand, even a single breach could be catastrophic now that sensitive data might find its way into the hands of bad actors, or else end up posted on the internet to create additional blowback for your organisation.”

An adapting threat

In 2023, it is predicted that a large number of ransomware attacks will continue to happen and, therefore, ransoms will continue to be paid – but trends show that it will happen in a different way, Mr Davis noted.

With a move away from cryptocurrency, cybercriminals are likely to rent out ransomware to other individuals or groups, with attackers increasingly relying on social engineering tactics, such as phishing, to gain access to targets’ networks and spread the ransomware. 

Ransomware attacks will also likely continue to involve the use of strong encryption to lock up valuable data and systems, making it difficult for organisations to recover without paying the ransom.

“Ransomware can encrypt faster than organisations can respond to it, and in less than an hour, all files can be gone. This is something organisations can’t afford to go through anymore,” Mr Davis said.

“Cybercriminals move quickly, and organisations need to move at the same pace implementing systems to prevent and protect against attacks in the coming year.”

Mr Davis said it would be important for organisations to stay informed of these trends and to have robust cyber security measures in place to protect against ransomware attacks.

“Risk mitigation is essential and needs to be proactive, strategic and ongoing in order for organisations to protect their data, their business and their reputations,” he said.

“In light of the hacks that targeted businesses, it’s more apparent than ever that prevention and training is key. Every organisation – big or small – needs to be investing in systems and processes to protect their private data. 

“With these recent examples, businesses must move into the new year having security at the top of their minds, focusing on ensuring they’re protecting their business as best they can from the wide range of threats out there.”

How we help

Ready to protect your business? My Business Cyber offers a complete solution to test, train and measure awareness, reducing the risk of human error. Protect your business from cyber scams and attacks with automated staff training, phishing simulations, tools, and resources.