Last year saw double the amount of phishing attacks as 2019, with the majority of organizations bing tricked and transferring large ransoms in order to retrieve their data to prevent private information from being shared publicly or sold to other hacking groups.
At the beginning of 2020, downloading data before the deployment of ransomware was still only being complete by a minority of ransomware gangs, but that trend altered as the year progressed. By December around 17 hacking groups were implementing this double extortion process and were stealing sensitive data before encrypting files. A lot of attacked groups had no option other than to pay the ransom requested in order to deal with the threat of publication of sensitive data.
The range of ransomware attacks in 2020 has been emphasised by various studies by cybersecurity experts over the past few weeks. Chainalysis recently released a report that suggests more than $350 million has been transferred to cybercriminals in 2020 alone, based on a review of the transactions to blockchain addresses known to be deployed by ransomware threat groups. Obviously that figure is likely to be much lower than the true total, as many businesses do not share that they have suffered ransomware attacks. To give that figure proper meaning, a similar review in 2019 estimated the losses to be around $90 million. Those figures are for ransom payments alone, not the cost of addressing attacks, which would be many orders of magnitude higher.
The rise in attacks can be partly put down to the change in working practices due to the pandemic. Many businesses changed from office-based working to a distributed remote workforce to prevent the spread of COVID-19 and keep their employees secured. The swift change involved hastily implementing remote access solutions to support those workers which introduced flaws that were readily exploited by ransomware group.
Measures to Take to Prevent Ransomware Attacks
What all companies and groups need to do is to make it as difficult as possible for the attacks to hit their targets. While there is no one solution for preventing ransomware attacks, there are measures that can be taken that make it much harder for the attacks to bear fruit.
With the majority of ransomware attacks now beginning with a phishing email, an advanced email security solution is a crucial. By using best-in-market solutions like SpamTitan to proactively secure the Office365 environment it will be much easier to prevent threats than simply depending on Office 365 anti-spam protections, which are commonly bypassed to transmit Trojans and ransomware.
A web filtering solution can prevent ransomware from being delivered to your systems. Multi-factor authentication must be put in place for email accounts and cloud apps, workers should be educated in how to spot threats, and monitoring systems should be enable to permit active attacks to be discovered and addressed before ransomware is launched.