Ransomware has been a significant symptom to network security risk for quite some time. However, COVID-19 and its effects on how companies do business have caused ransomware attacks to surge in the past 18 months – and these threats will only continue to grow. Here’s an overview of ransomware, the reasons for the escalating attacks, and why there is indeed a solution for ransomware detection and response.
In May of this year, as COVID-19 was waning but still prevalent, cybersecurity expert Christopher Krebs, the former head of the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security, warned a group of politicians about a pandemic of a different kind – ransomware. Addressing the House Committee on Homeland Security, he made a bold statement: Cybersecurity attacks – specifically ransomware – are a national security risk.
“Considered a low-dollar, online nuisance crime only a few short years ago, ransomware has exploded into a multibillion-dollar global racket that threatens the delivery of the very services so critical to helping us collectively get through the COVID pandemic,” Krebs said in his testimony.
Two days after Krebs’ testimonial, the Colonial Pipeline ransomware attack occurred. The largest pipeline system for refined oil products in the United States needed to shut down major portions of its 5,500-mile pipeline, and eventually paid a $5 million ransom – but not before the attack caused a shutdown at approximately 12,000 gas stations across the Southeast, causing a gas-buying panic with inflated prices to match.
It’s clear – ransomware is no longer just a nuisance if an attack has the ability to disrupt the U.S. economy. In this post, we’ll break down what ransomware is, why it’s become so prevalent so quickly, and how these particular cybersecurity threats can be stopped. Because they can be stopped with the right cybersecurity tools – even if current evidence shows the opposite.
What is ransomware?
Ransomware is a form of malicious software (malware) that encrypts a user’s files or computer, preventing them from having access. To unlock access, the attacker will demand a ransom payment from the user – usually through untraceable cryptocurrency (i.e., Bitcoin).
To encrypt a device or data, a threat actor first needs to gain access. They do that through a variety of ways – phishing emails, weak passwords, malicious advertising and website links, and by preying on individuals and organizations with poor cybersecurity risk management practices. Depending on the type of ransomware, attackers either threaten to publish or leak personal data, or block access to it until the ransom is paid.
When it comes to ransomware, no one is safe. It can wreak havoc on any device, organization, or individual.
Why are ransomware attacks on the rise?
Ransomware is the fastest-growing form of cybercrime. In 2015, global ransomware attacks cost the world $325 million. Six years later, that number is $20 billion (Braue, 2021).
The ransomware explosion is a confluence of a few factors:
- Vulnerabilities in Cloud Security Solutions & Devices: Krebs summed this reason up nicely as part of his May testimony, citing “our seemingly pathological need to connect everything to the internet, combined with how hard it is to actually secure what we have connected.”
- COVID-19: When offices around the world closed because of the pandemic, companies needed to adjust to working from home seemingly overnight – and that made already weak security even more precarious. A company’s IT team in charge of cybersecurity risk management was suddenly managing incidents in uncharted territory and had to react with preventative network security solutions in place to accommodate more flexible work-from-home environments.
- The Emergence of “Ransomware-as-a-Service”: In addition to launching attacks of their own, ransomware attackers are getting even more sophisticated – and making money in the process – by selling the tools they’ve developed to aspiring cyberattackers. These affiliates get a percentage of successful ransomware payments.
- The Cycle of Ransoms: To end the attack, victims often pay the ransom – this is especially true when it comes to healthcare organizations, where locked-down devices or data could literally mean life or death for patients. However, it’s worth noting that while organizations might pay to simply make the problem go away, these payments often go toward funding and perpetuating more attacks.
These factors have led to several hard-hitting ransomware attacks in 2021. Including the Colonial Pipeline attack in May, here are just a few:
- In early September, Howard University was forced to cancel classes after being the victim of a ransomware attack. Although the school said there was no evidence that personal data had been stolen, it still shut down the university’s Wi-Fi, putting all online and online-hybrid classes on hold.
- This summer, the IT firm Kaseya was hacked, with cybercriminals demanding a total of $70 million in ransom. Thousands of managed service providers and their customers were locked out of their systems, resulting in widespread downtime.
- In March, CNA Financial Corp., one of the United States’ largest insurance companies, was locked out of their network for nearly two weeks following a ransomware attack – and paid $40 million in ransom (Stieb, 2021).
Can ransomware attacks be prevented?
In short? Yes.
It would be easy to look at all the factors that cause ransomware attacks – and all the incidents that have happened just this year – and assume that a ransomware attack is inevitable. There’s just too much that we can’t control. It’s not a matter of if, but when.
We disagree. With the right cybersecurity solution, these attacks could have been prevented – and future incidents can be mitigated as well. And by “the right solution,” we’re talking specifically about our CyberSafety CC/B1 Platform™. The CC/B1 combines the best of both worlds – security orchestration, automation, and risk response (SOAR) technology with extended network threat detection and response (X/NDR) capabilities.
Utilizing advanced mathematics, machine learning and predictive analysis, our CC/B1 delivers a nearly impenetrable layer of network protection to an organization’s existing security stack, delivering 99.9999999% accurate threat detection with zero-trust accuracy – lowering the risk of a company’s network security breach. Similar to having a Firewall Everywhere™, the CC/B1 deploys without operational disruption in minutes and demonstrates its value within 72 hours – collecting data from all IT devices on the organization’s network and creating a visible and holistic risk control posture of an organization’s network landscape. The CC/B1 is an important layer of security for mitigating ransomware attacks, where speed and accuracy are critical to neutralizing the risk of compromise.
Third-party penetration testing of the CC/B1 Platform – whereby its efficacy was proven by the Rochester Institute of Technology’s (RIT) Eaton Cybersecurity SAFE Lab, in which the lab’s thorough and rigorous testing showed the platform provides significant defensive capabilities against many common cyber threats. The platform was deemed unhackable by over 400 attackers at our industry’s leading conferences – BlackHat USA and DEFCON 29.
We also know that cybersecurity companies consistently overpromise and underdeliver. It’s one thing to create technology that stops threats – it’s another to guarantee protection and back up a cybersecurity platform with a warranty. So, we’re doing BOTH. We’re so confident that the CC/B1 will stop cyberattacks, we’re including a $1 Million Ransomware Warranty (at no additional cost) with a three-year subscription, and a $250,000 warranty for a one-year contract. If the CC/B1 platform fails, the customer gets reimbursed.
The ransomware protection warranty is one of three network data protection offerings that CloudCover is rolling out over the next six months:
- November 2021, we’ll be rolling out cyber insurance designed to cover all aspects of a cybersecurity breach and liabilities that include customer and vendor notification costs, information system business interruption (ISBI) incurred by an organization, including federal HIPAA law violations, and any service level failures concerning contractors and vendor partners.
- February 2022, we’ll have offerings around an entirely new category for our industry – cybersecurity network data insurance. This protection will insure data in-motion with first- and third-party liability coverage and property value cover – making it possible for organizations to value and insure their data just as they would other company assets – something that’s been dismissed as not possible within the insurance industry.
Ransomware is widespread, ever-evolving, and powerful – and it can be stopped.
To learn more about our AI/ML automated CyberSafety CC/B1 Platform – or to schedule a demo to see if a proof-of-concept test is right for your company – visit us at https://cloudcover.cc/cybersafety-platform/.
References
Braue, David. (June 3, 2021). “Global Ransomware Damage Costs Predicted to Exceed $265 Billion by 2031.” Cybercrime Magazine. https://cybersecurityventures.com/global-ransomware-damage-costs-predicted-to-reach-250-billion-usd-by-2031/
Krebs, Christopher (May 5, 2021). “Testimony of Christopher C. Krebs Before the Committee on Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection, & Innovation.” https://homeland.house.gov/imo/media/doc/2021-05-05-CIPI-HRG-Testimony-Krebs.pdf
Stieb, Matt (September 7, 2021). “What’s Driving the Surge in Ransomware Attacks?” New York Magazine’s Intelligencer. https://nymag.com/intelligencer/article/ransomware-attacks-2021.html