By Joshua Ivy, Information Security Analyst
Ransomware Attacks on the Rise
Ransomware is a term you’ve heard with increasing frequency over the past few years, but you might need help to understand precisely what it is. Ransomware is malicious software that encrypts a victim’s data, rendering it inaccessible until a ransom is paid to the attacker in exchange for the decryption key. Orchestrated by cybercriminals, these attacks can target individuals, businesses, and even governments. A few common ways organizations find themselves victims of ransomware are through phishing emails, malicious attachments, or exploited system vulnerabilities. Whatever the entry point, the primary motivation behind ransomware attacks is money; cybercriminals often demand payment in cryptocurrencies to maintain anonymity.
While the first known ransomware program, “PC Cyborg,” originated in 1989, ransomware was not a genuine concern for organizations until the early 2010s. Since then, ransomware has been rapidly on the rise. For comparison, in 2017, 183 million ransomware attacks occurred globally; in 2022, that number more than doubled, to 493 million attacks. Thus, organizations are constantly looking to improve their detection and prevention solutions, but no solution is absolute. In a recent example, on April 13th, 2023, a ransomware attack targeted Aloha, a Point of Sale (PoS) solution offered by NCR Corporation. Cybercriminals installed ransomware on an NCR server that handled the PoS transactions for a subset of its hospitality customers. This attack crippled its customers’ ability to process payments, and NCR will likely do what 62 percent of all victims have done: pay the ransom. Otherwise, it could take NCR several days or even weeks to remediate its compromised systems, which would, in turn, keep its customers unable to operate.
Evolution of Ransomware
NCR is only a single example of an ever-growing concern organizations will continue to face. As organizations evolve their security solutions, cybercriminals adapt their ransomware; this evolution is often referred to as ransomware families. Ransomware families are groups of related ransomware strains with similar features, tactics, or code. Over time, these variants undergo modifications to improve their methods, elude detection, or cater to specific industries.
While ransomware development and implementation require a technical background, cybercriminals now offer it as a service. Much as an organization can utilize Microsoft Azure or Google Cloud Platform-as-a-Service with little to no knowledge of the underlying infrastructure, cybercriminal groups are offering Ransomware-as-a-Service (RaaS). This allows threat actors, who otherwise might lack the technical skills, to deploy ransomware developed by cybercriminal groups on organizations of their choosing. The ease of access and deployment of ransomware via RaaS has undoubtedly caused an uptick in ransomware attacks.
As demonstrated by the NCR Aloha incident and the growth of RaaS, these attacks can have far-reaching, severe consequences and are constantly changing. As with any threat prevention and detection, no one solution will solve your ransomware woes. Instead, a multi-layered approach focusing on proactive and reactive measures can reduce your organization’s risk. Combining measures such as proper patch management, email security solutions, the principle of least privilege, and employee education can help reduce the attack surface and potentially deter threat actors from targeting and impacting your organization. Therefore, organizations must invest in robust cybersecurity measures to handle the ever-changing ransomware environment, so that your organization is not the next to fall victim to a ransomware attack.