Ransomware, a threat that gets stronger

(Expansion) – Remote work and the rise in the use of mobile devices for purchases, bank transactions or mere entertainment have become factors in the increase in cyber threats such as ransomware over the last two years.

Ransomware is malware that encrypts the victim’s files, blocking access to them and holding them hostage until a ransom is paid, usually in bitcoins.

Without a doubt, specialists and companies dedicated to cybersecurity must continue analyzing and incorporating new tactics to combat this threat. According to the FBI, in 2020 alone global ransomware groups made approximately $692 million from their collective attacks, an increase of 380% over the previous six years combined ($144 million between 2013 and 2019).

The “Ransomware Ecosystem” report developed by Tenable analyzes what is behind the strength of ransomware, its evolution to become an industry, the most used tactics, the new players and how they relate to each other.

The study reveals that ransomware groups have recently added other extortion techniques to their repertoire, such as launching DDoS attacks (a type of cyberattack that attempts to make a website or network resource unavailable by overwhelming it with malicious traffic, as in the recent case of the INA, which has suffered this type of attack), contacting the clients of their victims, or offering millions to employees to gain access. The job of those in charge of defending against these threats is becoming more difficult every day.

As for the actors, the well-known ransomware groups are the ones with the most notoriety, but they are not the only ones. These groups are responsible for testing and developing the ransomware itself, creating and hosting dark web leak websites, and managing the negotiation process with each victim.

However, the real secret behind why ransomware attacks have grown exponentially lies with the propagators and Initial Access Brokers (IABs). Propagators are the ones responsible for driving ransomware attacks. These cybercriminals identify and offer targets (potential customers), infect victims, and then lure them to the ransomware groups with the goal of “closing a deal.” In return, they earn between 70% and 90% of the ransom payments.

IABs are specialists in gaining access to organizations through various means, and they sell that access to the highest bidder. In fact, their fees range from $303 on average for control panel access to $9,874 for Remote Desktop Protocol (RDP) access.

Ransomware attacks with this new proven success formula will persist, which is why I’m sharing three strategies organizations can follow to mount a better defense against a much more aggressive ecosystem:

1. Implement multi-factor authentication for all accounts in the organization. Ransomware groups buy access to organizations through IABs, which provide credentials or exploit vulnerabilities that reveal login credentials. Therefore, I recommend requiring multi-factor authentication to add an additional layer and make access harder for ransomware attackers.

2. Identify and patch vulnerable assets in your network in a timely manner. We know that ransomware groups are experts at exploiting known but unpatched vulnerabilities, so it is important for organizations to identify any vulnerable assets within their networks and apply the corresponding patches. The report identifies 78 known vulnerabilities widely used by ransomware groups; patching them can drastically reduce the risk of an attack.

3. Promote a corporate culture of cybersecurity. In addition to incorporating cybersecurity technology, employees must be made aware of the risks that currently exist so that they can protect themselves during their work hours, as well as in their personal activities. Courses, talks or short presentations are good alternatives for helping them identify and avoid the risks that are distributed on Internet pages, social networks, unverified applications, etc.

In the first quarter of 2022, Mexico was the country with the highest ransomware activity in Latin America. As long as the ransomware ecosystem continues to thrive, it can spread into sectors vital to the economy such as large organizations or the government itself.

Therefore, it is imperative that these entities prepare in advance to be in the best possible position to defend themselves and respond to this or any other type of threat.

Editor’s note: Carlos Ortiz Bortoni is an IT veteran and engineer, with more than 30 years of experience in security and application delivery areas. He is currently General Director of Tenable Mexico, where he is responsible for leading the business strategy in the country. The opinions published in this column belong exclusively to the author.
