In July 2021, over 800 of Sweden’s Coop stores had to close when the company was hit by a ransomware attack. Attackers demanded a ransom of $70 million. It took a whole week before the shops were working at full capacity again. You can imagine the chaos and frantic attempts at managing the fall-out from the attack across the Coop’s network of stores. This story is not unusual. It is repeated over and over across all sectors and all geographies. Often, the ransomware criminal uses the human in the machine, typically company employees, to initiate the ransomware process that ends in disaster.
The question is, can an organisation turn this situation on its head and use a human touch to protect itself against a ransomware attack?
Ransomware is big business and it’s coming to a company near you
In the last 18 months, ransomware attacks have hit companies the world over. Report after report tells us that ransomware attacks are still a major threat. One such report from Sophos, “The State of Ransomware in Retail 2021”, interviewed 435 IT decision-makers. The survey found that retail, along with education, was the sector most targeted by ransomware attacks during 2020. Over half of retail outlets were hit by a ransomware attack in 2020, resulting in data and other files being encrypted. Even organisations that paid the ransom did not necessarily fix the problem: over one-third of companies that paid up lost access to the encrypted data permanently.
The costs of ransomware and why it’s such a successful scam
There are several reasons for the success of ransomware. Cybercriminals are inventive. They work out new ways of hiding from anti-malware tools and they explore novel ways to infect networks.
According to another 2021 report on ransomware by Sophos, this time interviewing 5,400 IT decision-makers, the cost to a company infected with ransomware has more than doubled in 2021. It now costs, on average, around $1.85 million to sort out a ransomware attack. To add some further detail, the insurer Coalition has stated that the ransomware claims it has paid out vary from $1,000 to well over $2,000,000 per incident.
The ransom amounts demanded are making ransomware thieves billions every year. The largest ransom demand to date was in 2021, an eye-watering $50 million. The victim was Acer and the attackers a hacking group named REvil. A business this lucrative will continue and is likely to grow.
How ransomware thieves do it
Ransomware, as a concept to encrypt files and use them as a hostage until a ransom is paid, goes back to the 1980s. But it wasn’t until Bitcoin was invented that ransomware took off. Bitcoin (and other cryptocurrencies) gave ransomware thieves a way to make money and remain anonymous. Ransomware criminals are good at using tried and tested business models to propagate ransomware to make more money.
Today, ransomware is big business and the cybercriminals behind it are investing in building ransomware packages that are then sold on the dark web ‘as-a-Service’. These Ransomware-as-a-Service (RaaS) packages are easy to use, and now just about anyone can become a ransomware hacker. The hacking gang behind the RaaS may even be state-sponsored. This easy-to-use cyber-attack model is based on a service portal that offers RaaS on a monthly subscription or via payment models such as affiliate programs, in which the cybercriminals take a percentage of any profits. REvil, the ransomware gang behind the Coop and Acer attacks and many more, is known to operate using a RaaS package.
The open door to ransomware is usually via a human
If a company network is infected by ransomware, then all of its files and other data will be encrypted. Not only that, but in recent ransomware attacks the fraudsters also steal the data, threatening to expose it if the ransom is not paid quickly.
If your company is infected by ransomware, chances are an email will have started the painful process. Phishing emails are an incredibly successful technique used to infect corporate networks as well as steal login credentials and other personal information.
The bottom line is that ransomware criminals target companies, but they get in via our employees, contractors, supply chain vendors, and anyone else connected to a company; in other words, they use humans to start the chain of destruction.
There are three main ways that ransomware gets into a company network:
Phishing email links
The email contains a link which, if clicked, takes the user to a spoof site that results in a ransomware download and an infected computer.
Phishing email attachments
If an email recipient clicks on and downloads a malicious attachment, the process of ransomware infection can begin.
Online exploit kits
Ransomware can even be hidden in legitimate websites, online ads, and similar content. When an employee navigates to an infected site, the process of infection can begin if the employee’s computer is vulnerable.
Once a single computer is infected, the infection spreads like wildfire across any connected files, folders, and drives, and even out to cloud repositories.
The chain of infection is carried by emails, infected sites, and ads, through a human operator and straight into the corporate network.
Create a human firewall to stop ransomware
Traditional security measures include firewalls and anti-virus software. Over time, cybercriminals have circumvented these protective measures by focusing instead on tricking users into installing malware on their behalf: hence the use of phishing and infected online ads to bring the malware directly into the network.
The cybercriminals behind ransomware use our extended human workforce as a way into our corporate network. Our employees and non-employees, not just our computer network, are at risk of exploitation by these criminals. But there are ways to empower the humans who work within your organisation to prevent the exploits of cybercriminals.
Building the human firewall
The human version of a firewall is built by educating your user base (employees, contractors, and so on) on how cybersecurity attacks work. Security awareness training is the basic method used to do this. Awareness training programs deliver education to everyone who works in or with an organisation, focusing on the types of threat that exploit humans.
Some basic building bricks help to form a human firewall:
Everyone is part of the firewall
The more people you put through security awareness training, the stronger the human firewall becomes. Security awareness training is also not a one-off exercise. Cybercriminals change tactics as people become savvy to their ways. A good training program will update with the changing landscape to make sure that employees are aware of any new tricks up the fraudsters’ sleeves.
Add security tools to cement the human firewall
Empower your people with the right tools to prevent a cyber-attack from taking hold, just in case they do click on that malicious link. Set up second-factor authentication wherever possible, use secure backups, and add cloud-based email and website filtering to help prevent phishing emails from landing in an employee’s inbox. These tools augment your human firewall to prevent ransomware infection.