Ransomware has become big business, and cybercriminals are looking to generate new revenue streams out of it. Ransomware in 2020 will continue to target victims as criminals develop creative ways to infiltrate secured IT infrastructure, seize data, and demand ransom from organizations.
There are more than 100 public sector ransomware attacks reported in 2019 as against 51 reported incidents in 2018. 2020 is expected to bring niche and target specific sectors of specific industries, public services, and locales. Sectors like healthcare, retail, finance, public enterprises, and manufacturing are emerging as preferred targets. The sectors that are expected to be on the list are not because of their security posture or monetary potential. They are targeted due to the amount of crucial information they carry. If an attack puts a stop to business operations, it is only natural that the management takes less time to decide whether they should pay the ransom or not. This increases the success rate of attacks and the possibility of a victim paying a high amount.
The Ryuk and WannaCry attacks created an impression of focusing on a large volume of users to make an effort worthwhile. Now we find attackers getting selective and specific to industries where they can get the highest return on investment. The healthcare, retail, and public sector should be prepared because the threats that they will face from ransomware is set to get more severe. Every business sector should leverage high-end automation to back up processes across all locations.
Social engineering for ransomware attacks
Social engineering has been a preferred choice of cybercriminals to execute a successful attack with minimal effort. Cybercriminals target employees by gaining their empathy and getting them to share credentials that can be used to run a ransomware attack on the company’s servers and digital infrastructure. While companies are updating security policies, ransomware attackers are innovating new techniques to succeed.
The illegal grey market for stolen credentials has already begun to expand online, and the dark web hosts a massive sale for cybercriminals that will allow them to gain access and execute ransomware attacks on corporate systems. In 2020, the grey market is expected to rise, backed by a shift in the strategy where ransomware attackers will take access to a system and then target those adjacent to the victim. These types of attacks would be easy to execute on outside contractors, partners, vendors, and freelancers.
Thankfully, cybersecurity teams are playing a more significant role when verifying the procurement process to ensure supplier integrity. New suppliers are verified before bringing them on board so that organizations are confident of their data protection policies and measures.
Ransomware and intellectual property
When businesses are growing successful, they diversify to seek new revenue streams. Ransomware attackers are also looking for new ways to exfiltrate data with intellectual property data. When ransomware variants combine the usual data lock-out with data exfiltration capabilities, the outcome is devastating.
If a ransomware attack is run to deny access to the prototypes of the organization’s car or phone, the attacker can also sell this information to competitors. Ransomware in 2020 is not just about access to data denied; it may also be about data compromised.
While the goal of the past year was to defend and encrypt data, upcoming ransomware attacks will be targeting high-value data like schematics, designs, and prototypes. Businesses need to have data protection measures in-tact to protect their business-critical data.
Be prepared with a backup plan
Organizations should have a proactive approach in 2020 to avoid ransomware attacks with multi-layered data protection policies and solutions. Data protection policies must include a proper resiliency strategy and a data protection education program for employees.
A backup strategy is needed to have an extended protection plan. When defensive techniques fail, an offline backup will help retrieve crucial data, and business operations will remain unaffected. Backup data should be stored isolated and out of the reach of any ransomware attacker.
Organizations should also repeatedly test their defensive strategy against a ransomware attack. The coming years, beginning in 2020 is expected to have innovation and evolution in ransomware variants. So, having strong tested defensive strategies can be a savior.
Penetration testing is a strong defense against ransomware
Organizations must be a step ahead of ransomware attackers, and, therefore, should hire penetration testers who can infiltrate and spot all loopholes the network, systems, and all digital assets. A penetration tester seeks to find vulnerabilities and suggest appropriate action to fix them before ransomware attackers or cybercriminals exploit them. To be a penetration tester, one should have a strong knowledge of ethical hacking and penetration testing, which can be obtained from a certified program. EC-Council Certified Security Analyst (ECSA) is a hands-on program from EC-Council that offers a seamless learning experience in continuation to C|EH. It is a comprehensive program with distinguishable methodologies that cover different penetration testing verticals. ECSA covers the testing of modern infrastructure, application environments, and operating systems and also enhancing the report writing skills of the penetration testers.