Is ransomware as persistent as Covid?
In July 2021 Interpol called for police agencies worldwide to form a global coalition with industry partners to prevent a potential ransomware pandemic.
Based on fresh data from IDC's Future Enterprise and Resiliency Study 2021, it looks like as many as 61% of organizations in Asia Pacific have been struck by ransomware attacks in the past 12 months, a threefold increase from the same study that was run in July, at the time the Interpol announcement was made.
This is a startling statistic since this is not a new threat, nor is it an unknown threat, and the financial damage of such threats is well documented. It concerns me that, in spite of being armed with the knowledge that such threats were (are) imminent, we seem unable to stem the tide of breaches – and I would like to understand why.
Having studied the cybersecurity market quite deeply over the past 8 plus years (and having been a part of the industry since the mid-1990s), I understand that the capabilities of the technologies used today to defend against threats have grown exponentially. In the case of ransomware, it is not just the defenses that traditional security technologies can deliver, but also a robust data management, specifically data backup, strategy – this is an extra layer of protection.
However, ransomware tactics have also changed over the past few years. A few years ago this was very much a shotgun approach: spray a few million emails across the internet and catch some poor (in some cases, incredibly poor) individual or business and collect dollars each time someone needs the decryption keys, which can net a tidy sum.
These days it's more targeted. Social engineering is often used to identify weak links in the management chain, and a much more deadly, targeted piece of malware is sent that ultimately turns into the traditional ransomware attack, locking end users and businesses out of their own data, in many cases.
So why are we failing to detect, deflect and defend ourselves from ransomware?
Is the new data point simply the tipping point we have been waiting for, and from now on everyone will have learned how to defend themselves, or are we heading for (as with Covid) more waves and repeat infections, and will we have to get used to a world where ransomware is endemic? (I, for one, hope not.)
I will spend much of my time looking into this and try to share some stories of how end users have successfully defended themselves against this type of attack (understanding that anonymity will be needed here. No point inciting a threat actor with your skills). Clearly the police agencies are having some success, with announcements of gangs being arrested in October and November of 2021 (according to Interpol press reports), but we cannot rely on law enforcement, as many of these attacks are under the radar of the local law enforcement where these criminals are based, or not illegal as the host nation is not a target. So, whilst there are many other cyber threats to worry about in 2022, I hope we can focus on how to defend against ransomware and in turn reduce the return on investment to the cyber criminals, so that they lose interest in this line of income. We would all like to see this disappear as much as, I am sure, we all wish Covid would.
As you can see, there are a lot of angles to studying this: technical, legislative, societal. Luckily for me, I work at an organization that will allow me to delve deeper and publish on the topic. If you feel motivated to share a story or idea, let me know. I will post more here for all to use as I unearth it.
In the meantime good luck for 2022. Do try your best to stay healthy and secure.
And they always mutate just like Covid! Nicely written article Simon!