Ransomware is emerging in a variety of forms. Threat actors (anyone who is either a primary driver of, or participates in, a harmful activity that affects an organization's IT security) are shifting away from indiscriminate assaults and are instead hitting their targets with precisely tailored ransomware to accomplish their intended effects.
In addition to targeting specific firms, they are striking at the most significant or profitable elements of the network. This is done with complete contempt for ethics.
Consider what would happen if your most vital systems suddenly stopped working, bringing your entire firm to a standstill. Then someone wants a ransom to get your systems back up and running. Or someone launches a DDoS attack on you and wants a ransom to stop it. That is the realm of ransomware.
What exactly is ransomware, and how does it work?
Ransomware is software that uses encryption to hold a victim's data hostage for a fee. The vital data of a person or organization is encrypted, making it impossible for them to access files, databases, or apps. A ransom is then requested in order to get access.
Ransomware is frequently intended to propagate over a network and target database and file servers, paralyzing an entire enterprise in a matter of minutes.
Ransomware is quickly becoming the preferred assault strategy for cybercriminals, who recognize that even brief periods of outage may inflict widespread disruption and harm.
Ransomware uses asymmetric encryption, a type of encryption that encrypts and decrypts a file using a pair of keys. The attacker generates a unique public-private key pair for the victim; the private key, which is needed to decrypt the data, is stored on the attacker's server. The attacker makes the private key available to the victim only when the ransom is paid.
About Targeted Ransomware
In quest of larger payments, skilled criminals have moved to targeted ransomware techniques. These attackers use specialized strategies, approaches, and processes to target extremely particular companies depending on their capacity (or need) to pay significant ransoms. This is frequently referred to as "big game hunting".
These attackers are extremely innovative, frequently going to considerable lengths to learn a victim's technology stack in order to locate and exploit weaknesses and to pick the most valuable data to encrypt and hold for ransom. They are also exceedingly patient, raising privileges to bypass security measures and avoiding detection for months, if not years, before installing malware.
The Hades ransomware assaults are a recent example of this long-tail, targeted technique. According to ZDNet, ransomware operators are targeting huge multinational corporations with yearly sales of over $1 billion and have successfully targeted at least three enterprises in the transportation, retail, and industrial sectors. Since ransomware initially made headlines in the security world, the scene has fundamentally shifted.
"We'll see fewer and fewer widespread advertisements aimed at average consumers. Of course, it doesn't mean users aren't still at risk. However, the major focus will most certainly remain on businesses and large organizations, implying that ransomware attacks will grow more complex and destructive. To secure their data, firms must implement a complete set of security measures." Between 2019 and 2020, the number of users affected by targeted ransomware surged by around 767 percent.
High-risk sectors for Ransomware
Ransomware has grown from an irritation that targeted home PC users with reasonable ransom demands to a billion-dollar enterprise in the previous year.
A ransomware assault on any organization might be disastrous, but certain industries are more vulnerable to file-encrypting attacks than others since hackers prey on companies that can't afford to lose access to their networks.
While some cybercriminals may attempt to penetrate any organization with a generic assault, professional threat actors will construct precisely customized attacks to appear as real as possible – even by making the communication appear to come from a colleague. High-risk sectors include:
According to the Ransomware Task Force (RTF), Cybersecurity and Infrastructure Security Agency, and Multi-State Information Sharing and Analysis Center, nearly 1,700 schools, colleges, and universities were hit in 2020, with 57 percent of all known ransomware incidents involving K-12 schools in August and September 2020. In 2021, cybercriminals continued to attack educational institutions.
On the higher education front, Howard University was forced to cancel two days of sessions after a ransomware assault was discovered over the 2021 Labor Day weekend.
According to Sophos' study results, over half of all retail enterprises, like educational institutions, were ransomware targets in 2020. And, of those retail businesses that had not been attacked in the previous year, 34% stated they anticipate being attacked in the future.
Following a successful phishing effort, British retailer FatFace paid the Conti ransomware group a $2 million ransom in April 2021, according to Computer Weekly.
To deal with the attack, the company had to close the bulk of its 800 locations for three days. The business stated that the ransomware rendered several of its cash registers inoperable.
To the rapid shift to remote work, with ransomware operators preying on victims at an extremely vulnerable moment, utilizing pandemic-themed phishing material. In early 2021, the ransomware group REvil breached Taiwan-based PC maker Acer's network and demanded millions in ransom. It's unclear whether the corporation paid the ransom.
Apple laptop producer Quanta Computer, automotive inspection technology supplier Applus Technologies, backup storage vendor ExaGrid, and software company Kaseya are among the most recent ransomware targets in the IT sector.
Infrastructure for energy and utilities
Organizations in the oil, gas, and utility sectors, on the other hand, are the most likely to pay ransoms, as hackers are aware.
In May 2021, the most notable ransomware assault to date was found. The DarkSide gang apparently infiltrated the Colonial Pipeline Co. using a legacy VPN account, shutting down operations and disrupting petroleum delivery on the United States' East Coast for days.
Even though the ransomware operators were successful in collecting $4.4 million, the Department of Justice stated that it eventually recovered half of that amount using a private key.
The impact of ransomware on the financial services sector has the potential to be broad and disastrous. Sophos polled 550 IT decision-makers in the banking industry and discovered that 34% had suffered a ransomware attack in 2020, which is close to the cross-sector average of 37%.
The good news, according to the study, is that 91 percent of financial institutions have a malware incident recovery strategy. CNA Financial, one of the major commercial insurers in the United States, was targeted by ransomware operators.
According to Bloomberg, CNA paid a ransom demand of $40 million. It took nearly two months to fully restore network functionality.
These are just a handful of the industries that are vulnerable to targeted ransomware. However, this does not imply that others will be spared. Several industries are vulnerable to ransomware. Experts stressed that no company, no matter its size or industry, is immune.
Preventing Ransomware
Based on what we know about these assaults, it appears that the adversaries executed a targeted and manual attack with the intention of holding files for ransom. Some of the approaches utilized appear to be an attempt to avoid discovery.
Although there is no one-size-fits-all solution to preventing such assaults, effective security procedures can assist. The following measures are recommended:
Install security upgrades as soon as possible: The entry point appears to be leveraging a known weakness in third-party software. This illustrates the need to follow rigorous procedures for operating system and application software upgrades, especially for systems that are exposed to the outside world.
Install up-to-date security software: When malware such as ransomware is present on a system, up-to-date security software may be able to detect it.
Educate Employees: Inform all workers that ransomware may easily attack them via a phishing email, a dubious website, or cracked software obtained from unauthorized sources. Maintain staff vigilance at all times, and test their knowledge.
Adequate planning is vital for today's enterprises to avoid becoming ransomware targets – or, worse, victims. Companies must educate their employees in order to create awareness about ransomware.
They must also address data governance, protection, and ransomware payments, as well as establish a comprehensive incident response strategy. Organizations require a multi-pronged strategy to cope with a complex challenge like ransomware. We can avoid becoming a target by taking the necessary precautions.