Extortion, software-as-a-service, team attacks—ransomware is going through its own industrial revolution.
“It’s not a single group anymore that’s targeting a single company,” Druva CSO Yogesh Badwe told IT Brew. “It’s different groups, collaborating together in a way, with some sort of loose trust between them and handing off incidents.”
Commoditization of different elements of the threat surface means that victims may be managing an attack vector involving multiple groups, as IT Brew has reported.
And while the threats continue to be a problem, Badwe said, those growing pains can contribute to an overall destabilization of the criminal enterprise, since unconnected threat actors copying stolen data can undermine victims' confidence that paying ransoms will be effective.
Changing requirements. Extortion is a key part of the ransomware business model—but when groups leak information on the dark web even after receiving payment, the criminal industry loses what trust it had with victims. What it comes down to, Badwe said, is that you can’t trust the transactions. Ransomware is handled as a business where threat actors have a reputation to uphold, and dissemination of information online after ransoms are paid is damaging for future prospects.
Alex Cox, director of threat intelligence at LastPass, told IT Brew that the problems with paying ransomware attackers off can begin with the question of what, exactly, you’re paying for—threat actors can change terms after they get payment, hand over useless decryption keys after payment, or otherwise fail to live up to their responsibilities under the unwritten contract.
Plus, paying ransoms adds to rising cyber insurance costs. Cox sees this as helping the ransomware industry—when smaller companies can’t pay, they turn to insurance, so the attackers get their money either way. The response to the threat is in turn fueling it.
“The ransomware actors know that in the event that these companies don’t have the proper setup to deflect the ransomware attack—good backup, segregated network, good security training, that sort of thing—their only option is to pay the ransom or use their cyber insurance,” Cox said. “And that gets the bad guys a payday.”
More human than human. Ransomware attacks have a human element to them as well, Ninjio CEO Shaun McAlmont told IT Brew, and that can contribute heavily to the panic. They’re “very emotionally draining” and expensive, McAlmont said, so the best thing to do is to be proactive and avoid as much damage as possible.
“It is forcing companies to be more proactive, to be a little more mission-driven about cybersecurity,” McAlmont said. “Those messages coming from the top, like ‘our culture is a culture of cyber awareness and security,’ [are] very important.”
AI is adding to the problem, he added.
“I think what's making it even worse...are deepfakes,” McAlmont said. “Deepfake voice, imagery, and videos...are forcing us to write episodes that are tied directly to recognizing it, trying to avoid it. I think AI is just shifting the landscape very quickly.”