Defending against the new underground ransomware economy

Chua Chee Pin, Area Vice President of ASEAN, Hong Kong, Korea, Japan and Taiwan at Commvault

Software-as-a-Service is a concept that has altered how software services are provided internationally, and it is undoubtedly familiar to us. Sadly, the SaaS movement has been embraced by the criminal community as well. Instead of depending on commercially available tools, attackers may now buy access to networks, and the payloads used to infect them, through ransomware-as-a-service (RaaS) models that have appeared on the Dark Web. In other words, a successful ransomware assault has the same effect regardless of the attacker’s abilities, and RaaS gives additional cybercriminals the opportunity to carry out advanced operations.

This significantly increases the threat of ransomware plaguing Singaporean enterprises. According to the newest study from Singapore’s Cybersecurity Agency, there will be 137 ransomware incidents affecting businesses here in 2022, a 54% rise from 2020. This indicates that the growth of cybercrime is not showing any signs of slowing.

How can organizations safeguard themselves against the upcoming wave of ransomware assaults as fraudsters look for vulnerabilities in operational procedures? CIO World Asia spoke with Chua Chee Pin, Area Vice President of ASEAN, Hong Kong, Korea, Japan and Taiwan at Commvault, about defending against the new underground ransomware economy.

Potential threats of ransomware

According to IDC, investments in security products and services will surpass $30 billion in the Asia Pacific region this year, representing a 15.5% rise from 2021. One of the causes of this expenditure is the increase in ransomware and cyberattacks in this area.

Ransomware attacks are increasingly severe security hazards that may bring down whole networks of huge corporations, and they are no longer sporadic or isolated. This can have a negative impact on operations and business continuity, as well as harm the organization’s finances and reputation over the long run.

Additionally, a number of ransomware organizations are currently targeting Small and Medium Enterprises (SMEs) by employing a “Ransomware-as-a-Service” (RaaS) model. Through RaaS, creators of advanced ransomware strains rent out the infrastructure to thieves with less technical skill. Even novice hackers are now able to leverage pre-existing, sophisticated infrastructure to disseminate ransomware payloads, eliminating the need to build these capabilities from scratch.

Impact of ransomware on company’s system

Ransomware attacks may cause devastating consequences for businesses, and complete recovery can frequently take years. An assault will harm productivity, customer happiness, staff morale, and brand reputation regardless of how you respond to it. Consider the attack on Oslo-based Norsk Hydro, which cost the firm $71 million in damages. Furthermore, according to estimates from Sophos, the average cost of recovering the data is $1.85M, which is 10 times the ransom payment.

Cybercriminals use ransomware attacks as a type of digital extortion, preventing organizations from accessing their own data and taking over their systems unless the requested ransom is paid. Responding to ransomware is more than a business continuity or disaster recovery exercise, since there is also a chance that attackers may take data before encrypting computers. These assaults frequently contain implants that can repeat the attack later or wreak unknowable damage in the future.

Data theft calls for a comprehensive cybersecurity incident response to the assault and raises the possibility of a data breach. These are significant cybersecurity events because it is possible to exploit this data in a number of ways, including for damage and financial gain. Organizations risk brand damage and financial losses, with large businesses, like those in Singapore, possibly subject to fines of up to 10% of their turnover.

As there is no assurance of recovery, paying the ransom is not advised. Even after receiving payment, thieves are under no obligation to decrypt systems, and may still steal data to resell on the Dark Web. Some even insert implants to plant the seeds for later attacks.

Detecting ransomware attacks behind the Endpoint

As more teams work remotely, critical corporate data is being produced and kept on end-user laptops, desktops, and mobile devices rather than in the comparatively secure environment of a data center. With additional vulnerabilities being revealed and employees all doing things a little bit differently, protecting endpoints has never been more important.

For losses to be minimized and operations to be maintained, defenses must be strengthened and a recovery plan must be in place. When protecting key corporate data assets that travel on endpoints, consider objectives that align with your goals, such as end-user productivity, resource optimization, system recovery automation, deployment flexibility, and process simplicity.

After determining the criteria your organization needs, find the endpoint data protection solution that best matches your demands and reduces the risk of an attack. For instance, endpoint data protection may automatically detect new devices and install backup agents on them, ensuring safety for all laptops and cellphones while reducing administrative burdens. Similarly, if a laptop is lost or stolen, the danger of a data breach or loss may be reduced by simply adding a layer of data loss prevention security at the file or folder level.

The use of anti-malware, a personal firewall, file encryption, data loss prevention software, and other security measures is also crucial to safeguarding organizational endpoints and infrastructures. However, organizations still need to be ready in case a breach occurs.

Companies must be aware of where their data is located (such as in an on-premises, hybrid, or multi-cloud environment) and how to recover it in all of these settings. It’s crucial that they have a thorough and current overview of their data to reduce the impact of any cyberattacks.

Additionally, systems for early warning and threat detection that proactively identify unknown and zero-day attacks can minimize the effect on businesses and compromised data. ThreatWise from Commvault is one example of a cyber deception solution that may provide decoys to actively entice malicious actors into using phony resources and identify risks in operational settings, neutralizing covert cyberattacks before they can do any damage.

Steps to ransomware protection for an SME

Smaller organizations, like SMEs, can take simple precautions to protect themselves. It’s important to practice proper cyber hygiene, which includes educating employees about phishing scams, dubious websites, the need for backups, and the need for strong passwords. Keeping software, firmware, and programs up to date can also help to lessen the possibility of ransomware exploiting widespread or recently identified vulnerabilities.

The NACSA in Malaysia and the CSA in Singapore are two examples of public resources that SMEs with limited cybersecurity knowledge and resources may use. The CSA’s Cyber Essentials mark, which was introduced earlier this year and aims to assist regional SMEs in prioritizing the cybersecurity measures and fundamental practices required to protect their systems and operations from cyber-attacks, is an illustration of this.


As hackers become more skilled and launch unexpected, savage attacks that have the potential to completely destroy an organization, the focus of an organization’s security efforts must shift to ransomware prevention and education.

Just because your company has not yet suffered a ransomware assault does not mean it never will. Organizations should confirm that their data security and management solution can aid in ransomware protection, detection, and recovery.

The good news is that proactive data security best practices may help any size organization improve its security posture and resilience while keeping it one step ahead of ransomware.