Data breach schemes now join hands with ransomware. And the damage could be immeasurable.
Ransom! It’s the oldest crime in the book, and yet, we were all surprised when criminals took it online back in 2014. Have we since solved the issue? No. Those businesses who have not taken cybersecurity serious are still very much at risk. Ransomware popularity still continues to skyrocket, primarily because of the huge profit left by its victims.
It Is the Ransoming of Data
Unlike other cyber attacks where hackers steal data and then sell it somewhere, criminals who use ransomware as their primary means of attack receive direct payment from the victim. What do they do? These cyber attackers compromise the business data environment – and the rewards are huge. Besides, getting the victims to pay, now they do so anonymously by requiring victims to pay in digital coin such as bitcoin.
The most recent of these data breach crimes was the massive WannaCry attack. This bug affected more than 74 countries and thousands of computers. Originally, an NSA program used to spy on targets, it was stolen from the agency and leaked in April of 2017. The cyber criminals used it for ransomware and spread it throughout the world. After landing on a computer, it encrypts files and charges from $300 to $600 in blockchain currency (Bitcoin) to restore the documents. This is just one case of this type of successful hacking events, there were many before it, and without a doubt there will be many more to come.
Data breach efforts using ransomware have so far focused on file encryption, but future variations may bring in a combination of compromise methodologies. Many hacking pros already realizes that taking files for ransom is just one method of making easy money.
Attacking systems in this way, whether through vector corruption, exfiltration or disruption, then demanding a ransom may be the future of the newer and more conniving hacking environment.
What Is the Future of Business Data Breach Hacking?
Here are a few possible trends we may see moving forward with this type of data breach.
- Data Corruption – while this is the most common type of hacking of this type. Lately we have also seen database corruption attacks against MySQL and MongoDB.
- Backup Encryption or Wipeout – Backups are important as a way of mitigating ransomware. However, they can also be compromised and the process of getting systems back up can be costly for the enterprise.
- Data Exfiltration – Stealing highly classified documentation usually means that hackers are looking for money, and in some cases holding the data for ransom is less profitable than selling it on the darkweb.
It’s reasonable to assume that in the future most hacking attacks will also include some type of ransomware or extortion. It is through these infiltrations that data breach attackers will demand a ransom to stop, or in some cases, reverse the hacking attack. Considering this, organizations need to step up their cyber security efforts and protect their assets.
How Can Your Organization Protect Itself from Ransomware Hacking Attacks?
Dealing with ransomware is not easy. But we have added a few tips that can help your organization maximize its security, and in doing so, prevent an attack, or in case of infiltration, of minimizing the damage created.
- Conduct frequent data security audits, improve monitoring functionality and implement a reliable alerting system. These actions will allow IT teams to take immediate action and respond to breach situations.
- Enable real-time blocking.This allows for the organization to prevent attacks, and it goes a step further by giving your IT team a warning, allowing the team to block and quarantine users or hosts whose systems are in a state of compromise.
- Plant data decoys for hackers to steal and then alert IT teams of a hacker’s infiltration of the dummy data. This gives you an advantage and protects your real data from being hacked.
- Schedule and perform regular cyber attack discovery scans
- Deploy a cyber security solution with one management console to centralize the protection and file information.
Hacker Reputation + Potential Profit = More Ransomware
Some may argue that it’s unlikely for a victim to pay the ransom when an attacker is threatening to disclose data or wipe your data, mainly because the victim has no guarantee the attackers will stand by their word and dump the sensitive data or decrypt the data or won’t attack again (attackers are malicious and untrustworthy by definition, of course).
Though in practice, we can see that attackers are getting paid.
Odd as it sounds, ransomware “vendors” do care about their reputation. They want victims to know they stand on their word – that if you do pay a ransom on time as demanded, they will stop or reverse the attack. Otherwise, their reputation is tarnished, which could potentially destroy their business model.
In conclusion, crime associated with ransomware and cyber extortion, is just getting started. The potential profit to hackers is great, and the potential risk to organizational data is even greater. It is important that enterprises take steps now to protect against these type of attacks by implementing reliable cyber security measures.
If you would like more information, contact LP3. We will be glad to help you make an informed decision on cyber security for your business or organization.
Scott Lawler is CEO of LP3 and provides enterprise cyber security architecture advice to government and commercial clients.