Ransomware attacks have evolved into something more dangerous


Parag Narang | Updated: 29-05-2020 18:02 IST | Created: 29-05-2020 18:02 IST
Ransomware attacks have evolved into something more dangerous
Representative image

Nowadays, ransomware attacks have become so common that incidents happen almost daily. These attacks have shut down businesses, healthcare systems, and even governments.

Only the most prominent examples reach the news. But no target is too small for these cybercriminals who managed to inflict billions in damages last year alone.

What is a ransomware attack? Ransomware is a type of malware that infects devices. Then it locks the user out of essential files (or the control of the whole system) until he or she agrees to pay a ransom.

Last year, the average ransomware demand was $84,000. It's a number few businesses can afford without putting themselves in financial trouble. Even when they can and do agree to pay, the fraudsters rarely return the control of the files to their rightful owners.

Enter Maze and New Style Ransomware

The classic ransomware attacks cause enough damage as it is. But in the last six months, ransomware has become even more threatening with the first wave of "two-pronged ransomware attacks."

Two-pronged or two-stage attacks involve the addition of an extra layer of data exfiltration to these cyber threats. Besides locking users out of their files, hackers threaten to make the data public if the ransom fee is not paid or their warnings are ignored.

The Maze ransomware is one of the clearest examples of this evolution in the threat landscape. It spreads over networks, encrypting every file in its path. At the same time, it also exposes the data to attackers. If they don't get a response or money, then hackers threaten to release this data online.

In November 2019, Maze attacked Allied Universal, a staffing and security company. After gaining access to the company network, they "kidnapped" roughly 7GB of valuable data. Then they demanded 300 BTC (around $2.6 million) to release it. To increase the pressure on the company, attackers also claimed they would leak some of this data unless Allied Universal paid within an allotted time frame. The company ignored the demands, and the fraudsters released 700MB of the data onto a Russian hacking forum to force the company into paying the fee.

Oddly enough, this is where the story ends. No one is quite sure whether Allied paid or not. Though some rumors say that negotiations are still ongoing. Either way, Allied was just the beginning. Since then, Maze has continued to wreak havoc on computer systems around the world, causing millions in damages.

Maze Isn't The Only Threat

Maze is one of the many of these new types of ransomware attacks. Sodinokibi (Revil) emerged last year as part of the double-blackmail trend.

In one attack, operators of Sodinokibi targeted Artech Information Systems, an IT staffing firm. After the negotiations between sides failed, the hackers released 300 MB of company data to the public. And it was only round one. The fraudsters have plans to continue releasing data until the company meets their demands.

Maze and Sodinokibi are clear signs of this emerging trend. We will only see attacks like these continue ramping up until they become the new normal in the world of malware.

How to Protect Your Business From Ransomware

So far, these new attacks have focused on larger corporations and governments. But they're likely to follow a similar pattern as ransomware initially did. It won't be long before their targets are set on small businesses and individual users. Research proves that SMEs are the top target for cybercriminals, accounting for over 58% of malware attacks.

The best thing you can do is fight fire with fire. Encryption is a powerful tool that you can harness for your own benefit. Encryption software for small businesses can lock your files to prevent unauthorized access. The only way anybody would be able to read the contents is by having the right password. Encryption software also enables secure file sharing so you can grant and restrict access accordingly.

At the same time, invest in employee training to minimize the human factor in data breaches. 91% of cyber-attacks start with an email. Often, you can prevent a ransomware attack by training your employees to recognize and report suspicious communications.

Finally, take care of your network security. Enforce the use of password managers and multi-factor authentication, and never ever forget to backup the essential data.

100% safety in the online world is a myth. But staying proactive rather than reactive can reduce the chance of dangerous two-pronged ransomware attacks from happening.

(Disclaimer: The opinions expressed are the personal views of the author. The facts and opinions appearing in the article do not reflect the views of Devdiscourse and Devdiscourse does not claim any responsibility for the same.)

Give Feedback