As ransomware attacks continue to grab headlines on a daily basis, it is natural to assume hackers are consistently outpacing the security countermeasures deployed by victimized organizations. An interagency U.S. government report revealed that there have been more than 4,000 ransomware attacks per day in the past five years, and the latest average ransom is $154,108. With the associated downtime usually reaching 21 days, organizations cannot afford to waste any extra time turning to outdated solutions -- including system backups, which are no longer the go-to lifelines they once were.
The adaptability of attackers' strategies makes this unsurprising, but backups are particularly dead in the water following the proliferation of double-extortion campaigns, which depend on unmitigated, high-level network access. “Encrypt and exfiltrate” quickly evolved into “exfiltrate and extort,” and the further honing of these methods is leaving system backups in the dust. A study by Coveware found that around 77% of ransomware attacks incorporate blackmail that leverages exfiltrated data.
A 2020 post by MedusaLocker, discovered in the Exploit forum, contained a brief description of essential skills for prospective affiliates. They required “practical experience with ransomware, confident use of Cobalt Strike, ability to escalate local administrator and domain administrator privileges, working knowledge of backup systems, and understanding of OpSec.” Organizations must cross-reference contemporary hacking structures with existing security procedures; as of a few months ago, system backups were still touted as a first-line defense mechanism.
Also frightening is the increasing demand for ransomware-as-a-service offerings with extortion as a key element. RaaS has matched the quality of hacking experts with a quantity of aspirants, doing away with the technical skill gap and flooding the web with would-be scammers. Backups and other protectors designed to waylay the original “ransom for access” campaigns cannot compete with a veritable deluge of data leak threats from every angle. The security sector will have to persevere under heavy scrutiny in establishing better preventative solutions for ransomware extortion, all while being careful not to tip its hand, lest it risk square-one restarts.
Common-sense security practices still set a solid foundation for protection. Organizations are advised to prioritize patching and construct patch timelines to efficiently eliminate known vulnerabilities. Cyber insurance is an underrated ancillary safeguard that encourages risk mitigation for both parties, and a carrier providing a fresh set of eyes for systemic problems can prove invaluable. Overall, clear communication between managers and employees on day-to-day security expectations, and perhaps a routine recovery rehearsal procedure, can instill confidence until a sure-fire counter-strategy for extortion threats arrives.