Let’s discuss what a cyber disaster is. A disaster in the cyber world is losing the ability to run the apps and access the information that you rely on day to day.
How can that happen? One way is for the hardware or software to fail. That is what is called a regular day: one reboots and hopes everything comes back. Rebooting does work most of the time, as maybe there was only a momentary glitch. Of course, that somewhat regular occurrence is not what we are referring to.
The cyber disaster that we are talking about is when one actually loses data, because of ransomware or because the data was actually deleted. Some hackers are now deleting data and asking for money so that it does not happen again.
In March of this year (2022), Palo Alto’s Unit 42 released a report:
2022 Unit 42 Ransomware Threat Report Highlights: Ransomware Remains a Headliner
“Ransoms – both demands and payments – continue to go up. Among the incident response cases reviewed in 2021, which were predominantly in the U.S., the average ransom demanded was approximately $2.2 million. This represents about a 144% increase from the average demand of $900,000 from the cases analyzed in 2020. The average payment from 2021 cases climbed to $541,010, which was 78% higher than the previous year. While the raw numbers have gone up, it is important to note the payouts tend to be significantly less than initial ransom demands – we calculated actual payments were, on average, 42.42% of the initial ransom amount.”
This company (Palo Alto) makes one of the pre-eminent firewalls in the business (the Palo Alto Firewall). But the firewall has a minimum cost and requires some technical expertise, which means that even the smallest customer has significant assets before it can pay an average ransom of $2.2 million.
This next point is also important from the Palo Alto report:
“Multi-extortion techniques where attackers not only encrypt the files of an organization, but also name and shame their victims and/or threaten to launch additional attacks (e.g., distributed denial of service DDoS) are increasingly part and parcel of ransomware tactics. In 2021, the names and proof of compromise for 2,566 victims were publicly posted on ransomware leak sites, marking an 85% increase compared to 2020.”
The report then gives more information on how the criminals are setting up “Ransomware as a Service”, much like public companies set up software-as-a-service tools for businesses.
Ransomware as a Service is for the criminal organization with very little technical skill. This phenomenon does not bode well for us if criminals can now get into the business without much knowledge.
I like this gem also: “The ideal time to start preparing for a ransomware attack is before it happens.”
So what can you do to reduce the chances of a successful ransomware attack on your devices?
Implement a Comprehensive Strategy
- Educate yourself (buying my book could be part of that)
- Spend a little time reviewing risk – which means evaluating the impact and probability of attacks on various devices and software (it is always good to know what is a target)
- Evaluate your internal abilities (Know Thyself is a good adage)
- Test your incident response plan with an exercise
- Work on implementing a zero trust strategy
- An inventory of assets is good to have
- Make sure to update all software and hardware, and institute a vulnerability assessment program
- Automate any tasks if possible
- Any software that is being developed needs to have a thorough security review
- Get any outside consultants up to speed on any changes inside the company to make sure they will be as helpful as possible if needed.
As usual, extortion and ransomware attacks on unsuspecting companies and individuals will continue, and it behooves all organizations to review their cybersecurity before the new year comes in.