Why are backups no longer enough to protect your organization from ransomware?
Let’s start here: cybercriminals are evolving, and they’re evolving fast. What used to be a process of ‘encrypt’ and then ‘exfiltrate’ is evolving towards ‘exfiltrate’ and then ‘extort’. Essentially, cybercriminals follow this process: lock down a system, demand a ransom (typically in Bitcoin), and then provide an encryption key.
As ransomware has evolved, cybercriminals realized that their process to gain access to networks also worked well for exfiltrating data. What’s more, the process allowed them to circumvent backup files standing in the way of receiving ransom from the victim. This process moved cybercriminals towards ‘encrypt and exfiltrate’ –a double extortion scheme turning a standard ransomware attack into a full blown data breach. Basically, instead of just encrypting files, cybercriminals are now stealing them and threatening to release sensitive data if the ransom is not paid on the demanded timeline.
Since cybercriminals have evolved, a study by Coveware found that 77% of ransomware attacks since 2019 have also involved a threat to leak exfiltrated data. This means that beyond ‘encrypt and exfiltrate’, cybercriminals are evolving even further to a process of ‘exfiltrate and extort’.
Why are these types of ransomware attacks increasing in popularity and frequency?
The answer is simple: RaaS, or “ransomware as a service,” is growing in popularity. Essentially, cybercriminals sell subscriptions to ransomware “solutions,” just like how legitimate developers sell SaaS products. Successful ransoms earn RaaS developers a healthy commission. With the money to be made in this black market business, its popularity is growing fast for obvious reasons.
What can you do to protect your organization?
- Make sure employees are using strong, unique passwords and safely storing those passwords.
- Require the use of two-factor authentication across your organization.
- Create a zero-trust security system within your organization: require every user to be verified and authenticated before accessing your network. No exceptions!
- Use enterprise-grade password security and encryption platforms. Ask us if you need recommendations on what to use.
- Implement a dark web monitoring solution to scan the dark web forums and notify your organization if any passwords have been compromised. Again, ask us if you need recommendations or help to implement this within your organization.
It’s vital to be proactive and aggressive in your approach to cybersecurity. Cybercriminals are quickly evolving, and so should your organization in order to protect itself.
Hiring an advanced IT team like PK Tech can help protect your organization from unnecessary cybersecurity risk. Questions? Get in touch with us.