Corporate networks are increasingly vulnerable to malware attacks, particularly ransomware, which has flourished amid the IT security limitations of remote work. Sadly, the prospect of falling victim to costly hacking campaigns has caused many organizations to readily give in to blackmail attempts, fomenting an eager movement of would-be hackers that will “normalize” ransomware and reap the profits.
Ransomware’s proliferation is due in no small part to as-a-service offerings that lower the barrier for entry-level users. Attackers shell out for a prefabricated form of ransomware on a subscription or single-sum basis. Ransomware-as-a-service (RaaS) can scale to the point of REvil, demanding hundreds of thousands of dollars, or remain relatively under the radar. Either way, the authors of ransomware get a sizable share of each deployment, creating a feedback loop that keeps top-level talent in demand and well-compensated. User-friendly RaaS nonetheless promises to flood networks with threats, in a volume that constitutes an interminable stress test for cybersecurity professionals.
Research from cybersecurity company Group-IB counted 15 new ransomware affiliate schemes that hit the scene in 2020, among them Avaddon, SunCrypt, and Thanos. Group-IB estimates that two-thirds of that year’s ransomware attacks came from RaaS-enabled methods. The technique of “double extortion,” which entails stealing sensitive data but also secretly encrypting it for future use and demanding six-figure payments in cryptocurrency to prevent leaks, has remained popular even after the departure of malware titan Maze.
Cybersecurity firm Tenable’s 2020 Threat Landscape Retrospective, covering publicly disclosed breaches in the January 2020 through March 2021 period, discovered that the healthcare industry has set records for its ransomware woes. While 2019 was itself a benchmark year for breaches in the sector, 2020 featured a whopping 237 incidents—and of the 22 billion total personal records compromised that year, healthcare took the hardest hit.
It is evident that hackers are following the money, as individual patient records fetch a price of up to $150 on the dark web. Access to these comprehensive files is a hacking goldmine, as they enable several avenues of attack: identity theft, insurance fraud, blackmail, and more. Further, a data breach is practically a financial hemorrhage for a healthcare organization. While other industries lose an average of $3.86 million scrambling to handle these events, healthcare can expect double that bill.
Tempering the ongoing threat of ransomware means understanding the inherent vulnerabilities of remote work. Oleg Skulkin, a Senior Digital Forensics Analyst at Group-IB, said, "RDP-related compromise can easily be mitigated with the help of some simple but efficient steps like the restriction of IP addresses that can be used to make external RDP connections or setting limits on the number of login attempts within a certain period of time. As long as companies pay ransoms, determined only by attackers' appetites, such attacks will continue to grow in numbers and scale and are likely to become more sophisticated."
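The two steps Skulkin names can be sketched as follows. This is an added example, not code from the article or from Group-IB: a source-IP allowlist in front of RDP plus a sliding-window limit on failed logins, evaluated over constructed logon events. The address ranges, the threshold, the window and the choice to count failures per source IP are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed policy values (not from the article).
ALLOWED_SOURCES = [ip_network("203.0.113.0/28"), ip_network("198.51.100.7/32")]
MAX_FAILURES = 5                 # failed logons tolerated per source...
WINDOW = timedelta(minutes=10)   # ...within this sliding window


def at(hhmm):
    return datetime.fromisoformat(f"2021-03-01T{hhmm}:00")


# Constructed sample events: (timestamp, source IP, logon succeeded?)
SAMPLE_EVENTS = (
    [(at(f"08:0{i}"), "192.0.2.50", False) for i in range(3)]
    + [(at(f"10:0{i}"), "203.0.113.5", False) for i in range(6)]
    + [(at(f"09:{m:02d}"), "198.51.100.7", False) for m in (0, 12, 24, 36, 48)]
)


def is_allowed(src):
    """True if src falls inside one of the permitted external ranges."""
    addr = ip_address(src)
    return any(addr in net for net in ALLOWED_SOURCES)


def evaluate(events):
    """Return (sources rejected by the allowlist, sources locked out)."""
    recent = defaultdict(deque)    # source -> timestamps of recent failures
    rejected, locked = set(), set()
    for ts, src, ok in sorted(events):
        if not is_allowed(src):
            rejected.add(src)      # never reaches the RDP listener
            continue
        if src in locked:
            continue               # already locked out, attempt refused
        if ok:
            recent[src].clear()    # a successful logon resets the counter
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] > WINDOW:  # drop failures older than the window
            q.popleft()
        if len(q) >= MAX_FAILURES:
            locked.add(src)
    return rejected, locked


if __name__ == "__main__":
    print(evaluate(SAMPLE_EVENTS))
```

In the sample, the source outside the allowlist is rejected outright, the allowed source with six failures in five minutes is locked out on the fifth, and the allowed source whose failures are twelve minutes apart never trips the limit.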
A significant dip in profitability is sure to drive hackers elsewhere, but they’re more or less bound to bounce back with the clever adaptive tactics the RaaS model offers. Therefore, proper network security countermeasures are rendered ineffective by a lack of commitment to stonewalling hackers. A well-rehearsed poker face can effectively hide an organization’s slew of preventative measures, such as consistent security patching for vulnerabilities, integration of multi-factor identity authentication, and phishing awareness coaching.