Will There Be an End to the Ransomware Pandemic?
Ransomware is the biggest pandemic for IT professionals. It remains the most common type of malware, accounting for nearly 2/3 of malware attacks.
Is There No End to the Ransomware Pandemic?
Pandemics are receiving a lot of media coverage right now. But the one most on the radar of those in IT and security is ransomware. According to the Positive Technologies Q1 2021 Cybersecurity Threatscape report, ransomware remains the most common type of malware, accounting for nearly 2/3 of all malware attacks.
It is easy to see why 2020 was a banner year for ransomware. But the research shows that ransomware increased by 17% in Q1 of 2021 compared to Q1 of 2020. 77% of the malware consists of targeted attacks against government, industrial, scientific, and educational organizations. The bad guys are after personal data and credentials, as well as commercial secrets.
When IT gets a handle on one type of malware, another strain emerges rapidly. Thus, new pieces of ransomware have emerged of late such as Cring, Humble, and Vovalex. Despite all the new strains, it is sometimes the golden oldies that reap the best rewards. That’s why new variants of WannaCry are causing havoc once again, reprising their heyday back in 2017.
Another successful tactic is to harness rarely used programming languages in order to escape the attention of security scanners and avoid threat prevention technology. To make matters worse, some attackers make use of features that can successfully erase any traces of malicious activity.
Success Breeds Larger Ransoms
In sport, a good season with high numbers often leads to a lucrative contract. It’s the same with ransomware. Following the high-profile attacks on SolarWinds, Kaseya, and the Colonial Pipeline, cybercriminals are now demanding far more in exchange for the return of files or services. Those who refuse to pay are often subjected to threats to expose the attack and the extent of the data theft to the press, or to reveal the hack to the customer base. Alternatively, the attackers find sensitive data and release it to the public, threatening to do more of the same if a ransom is not paid.
While government, education, healthcare, and industry may be in the crosshairs, IT organizations aren’t off the hook. Attacks on IT companies remain high for the second quarter in a row, according to the report. Cybercriminals have also turned their hand to developing malware that infiltrates virtualization environments and virtual infrastructure. These are rich pickings at the moment due to the number of companies that continue to operate remotely.
But perhaps the most lucrative area for attackers is the exploitation of known vulnerabilities. It isn’t hard to imagine cybercriminals sharing tales by the water cooler about being able to infiltrate yet another organization via a well-publicized vulnerability that has had a patch available for two months. A colleague no doubt interrupts to say he got one where the patch was six months old but had never been installed. And then another one pipes up with his tale of an uninstalled two-year-old patch that enabled him to hold an organization to ransom.
Shocking as that may sound, it is commonplace for attackers to find a way in by exploiting unpatched systems. It may seem hard to believe, but it’s now more than a year since the SolarWinds attack first made headlines. Yet new victims of this exploit continue to be reported.
How Syxsense Can Help
The first line of defense against ransomware, therefore, is patching. Syxsense lets you easily manage unpatched vulnerabilities with the click of a button. It includes patch supersedence, patch rollback, and a wealth of automation features.
In addition, it provides a three-hour turnaround for the testing and delivery of new patches as well as technology to send software and patches across the wire once, using peer-to-peer within the network for local distribution.