Ransomware is the most significant cybersecurity threat facing organisations today as increasingly professional and sophisticated cyber criminals follow the money in order to maximise the profit from illicit campaigns.
ENISNA, the European Union Agency for Cybersecurity, has released the latest edition of the ENISA Threat Landscape (ETL) report, which analyses cyber-criminal activity between April 2020 and July 2021. It warns of a surge in cyber criminality, much of it driven by the monetisation of ransomware attacks.
Although the paper warns that many different cybersecurity threats are on the rise, ransomware represents the 'prime threat' faced by organisations today, with a 150% rise in ransomware attacks during the reporting period. And there are fears that despite the problem of ransomware attracting the attention of world leaders, the problem will get worse before it gets better.
SEE: A winning strategy for cybersecurity (ZDNet special report)
"We are observing the golden era of ransomware -- it has become a national security priority -- and some argue that it has not yet reached the peak of its impact," the paper warns.
Cyber criminals trigger a ransomware attack by secretly compromising networks -- often via phishing attacks, compromising cloud services or exploiting vulnerabilities -- before installing file-encrypting malware across as many systems as possible. Victims are locked out of files and servers, and the cyber criminals demand a ransom payment -- made in cryptocurrency -- in exchange for the decryption key. In many cases, the victim will pay up.
One of the key drivers behind the increased threat of ransomware is the amount of money that can be made; cyber criminals can walk away with millions of dollars from a single attack. It's likely that the success of ransomware campaigns will only encourage more bad actors to get involved with ransomware, particularly when it comes to hands-on operations that can cripple an entire network.
"Our assessment is that more cyber criminals will very likely be attracted to shifting their targeting to focus on targeted ransomware operations and replicate these successes," said the ENISA paper.
Incidents like the Darkside ransomware attack against Colonial Pipeline demonstrated how disruptive a ransomware attack can be, to the extent it has an impact on everyday lives. The incident led to gas supply shortages in the North Eastern United States, causing people to try and stockpile supplies. In the end, Colonial paid cyber criminals almost $5 million for the decryption key.
While events like this receive a lot of attention, it's believed that there are many more ransomware attacks where victims quietly pay the ransom without any publicity. "The incidents that are publicly disclosed or that receive media attention are only the tip of the iceberg," ENISA warns.
However, the report also notes that action is being taken on ransomware, with governments having "stepped up their game", recognising the threat and conducting multinational efforts in an attempt to deal with the issue. The report also details how the last year has seen several arrests made over involvement in ransomware gangs, indicating that, for some cyber criminals at least, their actions have consequences.
"Given the prominence of ransomware, having the right threat intelligence at hand will help the whole cybersecurity community to develop the techniques needed to best prevent and respond to such type of attacks," said ENISA executive director, Juhan Lepassaar.
"Such an approach can only rally around the necessity now emphasised by the European Council conclusions to reinforce the fight against cybercrime and ransomware more specifically."
Organisations are encouraged to develop a mitigation strategy involving secure backups, so in the event of a ransomware attack, the network can be restored without giving into the ransom demand.
Operating systems and software should also be kept updated with the latest security patches so cyber criminals can't exploit known vulnerabilities to enter or move around the network. Applying multi-factor authentication to accounts can also help prevent intrusions that could eventually lead to a ransomware attack.
MORE ON CYBERSECURITY
- Ransomware: Looking for weaknesses in your own network is key to stopping attacks
- Have we reached peak ransomware? How the internet's biggest security problem has grown and what happens next
- Ransomware: Even when the hackers are in your network, it might not be too late
- Ransomware gangs are complaining that other crooks are stealing their ransoms
- These ransomware criminals lost millions of dollars in payments when researchers secretly found mistakes in their code