Bridgeway Managing Director Jason Holloway recently spoke to journalist Marian McHugh at CRN for her article about the 'rise' of ransomware. Here is an excerpt below or you can read the full article here.
Why ransomware is back with a vengeance
As cybersecurity vendors report an increase in the number of ransomware attacks this year, CRN asks what is behind this resurgence
Despite its innovative nature, the tech sector is no different to any other when it comes to crime, whereby if there is money to be made, there is usually a shady character concocting a scheme to steal it away.
Ransomware arguably hit its peak (so far) in 2017, with the notorious WannaCry attack crippling businesses worldwide and exposing the NHS' security flaws.
Conversely, 2018 saw a severe decline in the number of these type of attacks.
However, several cybersecurity vendors - including Malwarebytes, SonicWall and Sophos - have published reports stating that the first half of 2019 has seen a rise in ransomware attacks.
The UK, in particular, has seen a disproportionate number of attacks compared with other countries during this period.
SonicWall reported that despite an overall decline in malware volume, there were 111 million ransomware attacks in the first six months of this year, representing a 15 per cent year-on-year rise.
Specialists know that there is no one cure when it comes to attacks like these, but what accounts for this ransomware renaissance - and why now?
Adam Louca, chief technologist of security at Softcat, said he is seeing an increase in the number of ransomware attacks, but clarifies that the increase is in successful attacks. He attributed this to a change in the hacking style favoured by cybercriminals.
"[The increase in ransomware attacks] is definitely happening," he said.
"Even though I would probably argue that there are fewer attacks by volume, the attacks are more successful because they are tailored and targeted at organisations.
"We've seen a shift away from ransomware being delivered by malicious attachments to email addresses.
"What has changed is a shift away from these fall-based malware email attacks to a network-level approach, which has given hackers more scale and is a little more effective."
These network-level attacks are done through Remote Desktop Protocol (RDP), whereby botnets search the internet for open RDP ports for ways to get into networks. This is a crafty approach to ransomware as cybersecurity products can't offer much yet to defend against it.
"People haven't been focusing so much on that shift towards this network-level attack, instead they've invested in security and anti-virus," added Louca.
"Now, hackers have shifted to this new methodology using RDP and we don't have any defences for that, so the attack is more likely to be successful."
However, not all agree with Louca's assessment. Jason Holloway, MD of Bridgeway Security Solutions, is of the view that it is not necessarily that the number of attacks is up, rather that recent regulation means organisations have to be more transparent when they are the victims of these events.
"In terms of the overall number, we're not seeing a significant increase at this moment in time," he stated.
"We not necessarily seeing a rise in ransomware attacks, but a rise in the publication of news stories around them.
"Under GDPR, organisations now need to be more transparent with data loss and attacks against the private data of individuals that is stored in organisations. We are therefore seeing an overall increased perception of the risks and impact of ransomware attacks.
"We are seeing organisations that would otherwise try to sweep this under the carpet and pretend it didn't happen, now recognising that by doing so there's a possibility of having a more significant financial impact in terms of the penalties being imposed by the regulators."
Ransomware's third act
As with all elements of cybersecurity, there is no single cure to a ransomware attack. However, big or heavily publicised attacks can draw an organisation's attention to its own defences and processes should it find itself the victim of ransomware.
"These sorts of attacks raise the profile of information security within the organisation, which sometimes makes the conversations around information security generally - and anti-malware specifically - a little bit easier, and hopefully more lucrative for information security specialists working in that space," said Bridgeway's Holloway.
"It also brings to the board the perennial challenge of managing risk, which isn't necessarily an easy bedfellow, for some of the corporate boards.
"However, this increased visibility does help promote the risk to the board-level agenda, which means conversations about property investments in products, policies, processes and people rise up on the corporate agenda.
"The reality is that you can only protect an organisation so far, and the better-prepared organisations are those that have recognised that it isn't a question of stopping all possible forms of attack but actually having systems and processes in place to cope with a successful attack quickly and efficiently with a minimum of damage.
"Having a proper belt-and-braces approach in the first place will save them a lot of pain and hassle later on."
To read the full article click here