Why Ransomware is Still a Major Threat
Ransomware was introduced 30 years ago, yet it remains a major threat to organizations. In its early stages, the ransomware industry was not as big as it is now and typically concentrated on encrypting individual computers for ransoms in the hundreds of dollars. From 2013, ransomware attacks focused more on enterprises than on personal users. The impact of ransomware is drastic, especially in terms of downtime and exposed records.
Healthcare is one of the industries most vulnerable to ransomware attacks. A recent report revealed that ransomware attacks on healthcare providers in the U.S. affected 1,446 hospitals, clinics, and organizations.
The Negativity Attached to Ransomware Attack Disclosure
Organizations nowadays avoid using the word "ransomware" unless there are severe negative consequences attached to it. They also tend to avoid disclosing ransomware payments. In the healthcare industry, the Health Insurance Portability and Accountability Act (HIPAA) Breach Notification Rule makes it compulsory for healthcare providers and their business associates to inform patients, the local media, and the HHS in the event of a breach that affects more than 500 individuals.
Although the U.S. Securities and Exchange Commission (SEC) does not currently require disclosure of a ransomware attack unless the attack satisfies a certain criterion, it is evaluating disclosures more closely and holding victim organizations that opt not to disclose ransomware attacks to a higher standard.
Why Are Organizations Vulnerable to Ransomware?
All that ransomware needs is a gateway into a network. A seemingly harmless security flaw in outdated software, a weak password, or even an unwary staff member could let ransomware in. Attackers have become even more “organized” in that they hire employees to obtain access to a targeted company’s internal systems.
Phishing emails
Phishing attacks are emails and other communications crafted to deceive someone into revealing sensitive personal data or opening a malicious file. Attackers create emails that appear to come from a reliable source. According to reports, malicious emails rose by 600% during the COVID-19 crisis.
Remote Desktop Protocol (RDP)
Microsoft’s Remote Desktop Protocol (RDP) enables users to remotely connect to other computers via a network connection. The disadvantage is that RDP widens the attack surface. Without well-designed protection, a remote desktop can become a target of hacking attempts.
Software vulnerabilities
Hackers exploit vulnerabilities in outdated software to breach systems and servers, including corporate VPN servers, and install ransomware. For example, in the recent notable ransomware attack on AIIMS (a premier healthcare institution in India), the cause seems to be a weak firewall and outdated systems. Using current and updated software can help eliminate this vector. Cyberattackers are also constantly searching for zero-day vulnerabilities, aiming to launch an attack before developers are even aware of the issue.
From Individual Hackers to Well-Organized Organizations
The success of ransomware attacks has drawn more organized criminal elements into ransomware. Several successful ransomware attacks have been carried out by well-organized groups of experienced software developers. Ransomware has turned out to be a big business.
Ransomware-as-a-Service (RaaS)
RaaS is one of the major reasons for the rapid spread of ransomware attacks. If a vulnerable endpoint such as a desktop or laptop is identified, it could act as the entry point to the entire business network. With RaaS, cybercriminals do not need the high technical skills required to build their own malware. RaaS is an affiliate program in which low-skilled attackers distribute and manage ransomware campaigns. In the past few years it has evolved into a business model in which developers sell or lease easily deployable malware toolkits to people who want to perform cyberattacks.
Ransomware has become the preferred choice for cybercriminals as the barriers to entry fall. In addition, ransomware attacks are increasingly likely to include elements meant to raise the chances that the ransom is paid, such as publicizing the attack and eliminating the opportunity for privacy. Given the advanced abilities of cybercriminals and the strictness of disclosure and payment compliance requirements, prevention is always the key to avoiding ransomware attacks.