Once thought of primarily as a rare, international tech crime, ransomware has become the “go-to method of attack” among threat actors, according to a Cybercrime Magazine article, “Global Ransomware Damage Costs Predicted To Reach $20 Billion (USD) By 2021.” Cybersecurity Ventures, the article says, estimates that businesses are being hit by ransomware attacks nearly every 11 seconds.
Top 5 Ransomware Insights from Cybercrime Magazine Editor in Chief Steve Morgan:
- Ransomware incidents are on the rise and have reached “epidemic proportions.”
- Ransomware recovery costs encompass more than the ransom itself.
- Ransomware attacks are becoming more sophisticated with bad actors utilizing tactics like spear-phishing.
- Education among organizational workforces and the general public is the best defense.
- Traditional cybersecurity platforms are inadequate for defending against modern ransomware attacks.
What is ransomware and why is it growing so quickly?
Ransomware is defined as “malware that infects computers (and mobile devices) and restricts their access to files, often threatening permanent data destruction unless a ransom is paid.” Morgan writes that the rate of ransomware incidents has reached “epidemic proportions globally.”
Associated ransomware costs have reached unprecedented levels, as well. As reported on the website CIO, global ransomware costs (including remediation) rose from an average of $761,106 in 2020 to $1.85 million in 2021. This figure represents an average recovery cost that is now 10 times the size of the ransom itself. Much of that cost occurs in the aftermath of an attack. Organizations lose millions of dollars due to ransomware in the form of:
- Business downtime
- Lost orders
- Damage or loss of data
- Lost productivity
- Post-attack disruption to the normal course of business
- Forensic investigations
- Restoration and deletion of “hostage” data and systems
- Reputational harm
- Employee training initiatives aimed at preventing future attacks
- Ransom payouts
Over the past few years, ransomware attacks have become more sophisticated, morphing from “spray-and-pray phishing blasts to highly targeted and extremely damaging network-wide infections that can cause days or weeks of downtime for a whole organization,” explains Stu Sjouwerman in the Cybercrime Magazine article.
How can organizations protect against ransomware?
Education is key across the entire organization, including IT security teams, which must formalize response plans and heighten their awareness of ransomware as an increasingly common threat.
Employees outside the IT realm and the general public are also integral to building an effective cyber defense posture, especially given the roles of phishing and social engineering, which Sjouwerman identifies as the main cybersecurity infection vector. KnowBe4 reports that more than 90% of cyberattacks begin with spear-phishing emails.
Morgan writes that educating the world’s online population on spotting and reacting to spear-phishing emails is the “next best thing to giving them ransomware vaccines.”
In the meantime, ransomware attacks will continue to roll in, especially as new vulnerabilities have emerged across countless corporate networks due to the increase in remote work arrangements in the wake of the COVID-19 pandemic. In order to make these setups work, many organizations have made hasty changes to their network configurations that have left networks less protected.
Many are discovering that their cybersecurity solutions are no match for the threat of ransomware, especially organizations using rules-based platforms like SIEM. Sjouwerman says, “It is an unfortunate fact of life that ransomware is here to stay and that traditional software-based endpoint protection is not able to protect well against this type of malware.”
MixMode is the antithesis of traditional software-based endpoint protection. Basic machine learning platforms center solely on labeling attacks before they happen, which is useless in protecting enterprises from attacks that use advanced adversarial technology. MixMode responds to real-time behavior that is anomalous to expected behavior based on a constantly evolving baseline.
As discussed in a recent article for Techiexpert, “How Predictive AI Protects Against Ransomware, GANs, and More,” MixMode’s predictive, third-wave AI capabilities allow organizations to gain immediate insights that can thwart many categories of cyberattacks, including ransomware. “Hackers will never get to the endpoint if they are discovered as soon as they enter the network,” explains MixMode CTO and Chief Scientist Dr. Igor Mezic.
So-called first- and second-wave AI solutions are not capable of identifying the vast majority of ransomware attacks simply because they haven’t encountered the specific parameters of incoming new attacks. Because there are infinite ways attackers can enter endpoints, Mezic writes, creating rules to try to prevent all of them is pointless.
“The only way to stop an attack no one has seen previously is to catch it on the network before it reaches the endpoint,” Mezic says, “and the only way to do that is to employ a predictive third-wave AI system capable of flagging anomalies, including never-before-seen anomalies, as they arrive.”