By CISO T.J. Minichillo
Ransomware is a global epidemic from which no organization — small, medium or large — is immune. Cyber criminals launch a new ransomware attack every 11 seconds, regardless of the industry sector or the depth of security defenses behind its firewalls.
From small businesses to hospitals, food suppliers, energy companies and critical national infrastructure, the odds of becoming the next ransomware victim are already sky high and getting worse. The average ransom paid by organizations grew from $115,123 in 2019 to $312,493 in 2020 – a whopping 171% year-over-year increase.
Criminals Are Getting Bolder
Large payouts, coupled with a relatively low risk of being caught, are encouraging criminals to launch these attacks with greater impunity. The bad actors behind these attacks are highly organized and well-funded. They leverage phishing and social engineering schemes, custom hacking software and other technical weaponry on a growing number of people and digital targets to hijack confidential data on a massive scale.
Most people think ransomware attackers just lock and encrypt data as a one-time-only event. But ransomware has become far more devastating and pervasive, with attacks staged in three distinct phases:
Phase 1: This phase is all about a criminal getting into your organization’s system without you knowing it, then controlling that system without being detected for as long as possible and trying to extort a ransom from the victim. Stealth evasion techniques enable an attacker to snoop and steal data undetected for weeks or even months. By the end of Phase 1, the perpetrator will launch file-encrypting ransomware that locks a victim’s data. If the extorted data and system can’t be recovered from a backup, then the victim maybe be forced to pay the ransom to have their data and system unlocked.
Phase 2: Ransomware criminals continue their money-making scheme during this phase by threatening to publicly expose a victim’s data if their ransom demands aren’t met. Although most companies pay a ransom to regain access to their data, studies show some or all of it will often be corrupted. Even worse, attackers usually copy a victim’s stolen data to leverage it in multiple extortion attempts with even bigger ransom demands.
Phase 3: This is the real money-maker for criminals, a recurring revenue stream with endless potential as they up their ante by threatening to sell or disclose your data to third parties, customers or business partners. When victims refuse to pay up, the attackers will then target the victim’s customers, suppliers, and partners as part of their blackmailing campaign. Suddenly, your data backups and recovery plans become worthless as the reality of reputational damage, compliance fines and potential lawsuits hit home.
So, how do you take the threat of ransom out of ransomware attacks?
In addition to best practices like patching and regular backups, the only sure-fire solution is for data to protect itself, from the inside out.
Imagine if, in today’s highly porous digital world, every piece of your data would become so intelligent that it would automatically protect itself from cyber criminals, regardless of where that data was stored or for how long. Imagine if every CEO knew precisely where, when, how and who accessed their data – no matter where that data went in the world or how long it was “in the wild.” Imagine if every piece of data ever sent would let you restrict or revoke access to that data at any time, no matter where it was kept or who had it – even if that data had been exfiltrated through ransomware.
Data-centric cybersecurity is a powerful new paradigm for improving every organization’s cybersecurity defenses. It’s an offense that infuses data itself with intelligence, self-protection and self-awareness elegantly and simply, without having to rely on porous external security tools to try to protect it from bad actors or chase it down after a breach.
Ransomware criminals are making big money off your data. Isn’t it high time you turned the tables on them with a hijack-proof solution?
About the Author
T.J. Minichillo is Keyavi’s chief information security officer (CISO) and VP of cyber threat & intelligence. He is a nationally renowned cybersecurity and intelligence expert, helping to detect and thwart many of the world’s significant cyber threats. He has held strategic intelligence roles in financial services, the military and energy, including global head of threat intelligence at both National Grid and Morgan Stanley, deputy director at Citigroup’s Cyber Intelligence Center, chief cyber intelligence officer at Merrill Lynch, and senior intelligence special agent at the Department of Defense. Follow him on Twitter and LinkedIn.