What Can Organisations Do in Response to the Growing Threat of Ransomware Attacks?

Ransomware has been a significant threat to organisations since the mid-2000s. And with the accelerated digitalisation during the Covid-19 pandemic, dealing with ransomware attacks has become a nightmare scenario for many organisations and IT and security departments. According to Kaspersky, from January to November 2021, nearly every second security incident handled by its Global Response Emergency Team (GERT) was connected to ransomware. The most common targets were those in the government and industrial sector; together, attacks against those two industries compromised nearly 50 per cent of all ransomware-related incident response requests in 2021, reported Kaspersky. Other popular targets included IT and financial institutions.

Ransomware isn’t going anywhere

Ransomware attacks have increased dramatically over the years. For example, in 2017, the global shipping company Maersk lost more than $300 million to an attack that devastated its information technology systems. In 2019, malware called WannaCry, weaponised a stolen US National Security Agency tool to shut down computers worldwide, causing $4 billion in estimated damages.

Nowadays, criminals are increasingly using Covid-19-themed phishing baits to prey on consumers and employees. KPMG mentions some of the lures that include – information about vaccines, masks and short-supply commodities like hand sanitiser, financial scams offering payment of government assistance during the economic shutdown, free downloads for technology solutions in high demand, such as video and audio-conferencing platforms and critical updates to enterprise collaboration solutions and consumer social media applications.

A Proofpoint research noted that cybercriminals are spoofing the login portals of schools like Vanderbilt University, the University of Central Missouri and more in the US. “We expect more threat actors will adopt Covid-19 themes given the introduction of the Omicron variant,” the cybersecurity company said in a statement. 

Meanwhile, in the Middle East, Saudi Aramco confirmed in July 2021 that some company files were leaked, after hackers reportedly demanded a $50 million ransom.

The Associated Press reported that one terabyte of Saudi Arabian Oil company data had been held by an extortionist, citing a web page it had accessed on the darknet. The oil giant employs over 66,000 employees and brings in almost $230 billion in annual revenue.

Data is being stored in encrypted forms, and criminals are demanding millions of dollars in ransom in return for its release. These ransomware attacks are knocking businesses offline, causing significant interruption to operations and supply chains.

“Ransomware operators aren’t just encrypting data; they’re stealing it from critical, large-scale targets and threatening to expose the information if the victims doesn’t pay,” comments Vladimir Kuskov, head of Threat Exploration at Kaspersky.

Saudi Arabia – Robust cybersecurity measures

According to KPMG’s industrial cyber defence publication, the frequency of cyberattacks on industrial operations has increased with ransomware, particularly acute in Saudi Arabia. The estimated costs of these ransomware attacks have skyrocketed, climbing from $8 billion in 2018 to $11.5 billion in 2019 to $20 billion in 2020. 

Saudi Arabia has all the measures in place for a robust security system. The country’s National Cybersecurity Authority works closely with private and public entities to improve its cybersecurity posture and safeguard its vital interests, national security, high-priority sectors and government services. 

Earlier this year, the country also launched a series of technology initiatives worth over $1.2bn to improve the digital skills of 100,000 Saudi youngsters by 2030. Among the initiatives was @HACK, the cybersecurity event organised by the Saudi Federation of Cybersecurity, Programming, and Drones (SAFCSP) and Informa Markets, in association with Black Hat. The three-day event, which took place from November 28-30, 2021, aimed to redefine the future of cybersecurity in the region. During the event, cybersecurity experts, ethical hackers, risk and IT professionals, government policymakers, researchers and academics, and other stakeholders in the security sphere discussed the emerging security risks, cybersecurity best practices and new solutions to address the wide-ranging issues facing the global cybersecurity sector today.

Over 200 expert speakers presented briefings on the latest developments in security. “What Riyadh has accomplished in one year would take 15 years anywhere else,” said Steve Wylie, vice president, Cybersecurity Market at Informa Tech, in a press statement. 

A holistic path to cybersecurity

Following a dramatic increase in ransomware attacks, Mimecast suggests a layered security strategy approach for the best protection. First, the cybersecurity company advises hardening the email perimeter. Email continues to be the most appealing attack vector. The most effective approach to achieve this is to use a mature, cloud-based secure email gateway with advanced incoming and outgoing scanning.

Secondly, it urges organisations to monitor and shadow IT. The barriers between employees’ personal and professional life are becoming increasingly blurred as the hybrid digital workplace grows in popularity. Unsecured wi-fi, public file-sharing services and insecure website access upsurge the risk to the user and the organisation. By gaining greater visibility over applications, IT and security teams can monitor which apps are being used and block those that pose a threat to the business. 

Finally, Kaspersky recommends implementing endpoint detection and response solutions for endpoint level detection, investigation, and timely remediation of incidents.