Ransomware is "a violent crime to the network," according to U.S. Secret Service investigator Mike Moran, who made his remarks at the Cybersecurity & Infrastructure Security Agency's Cybersummit last month.
The attacks will continue as long as people are willing to pay the ransom, he added.
For network administrators this should be a sobering thought, particularly for two reasons.
The first is that it is getting easier and easier to launch ransomware attacks, and there is no shortage of people willing to launch them. Ransomware as a Service (RaaS) offerings mean that you don't need to have any particular technical skills to launch a ransomware attack, just the desire to do so – and if you have access to a network to exploit then even better.
Insiders become an issue
The second reason is that – thanks to Covid-19 – the world economy is in a downturn, and increasingly large numbers of people are struggling to make ends meet. That means the threat to networks from insiders – the disgruntled employee who feels he or she is not being appreciated by the organization, for example – is likely as high as it has ever been.
So launching a ransomware attack is easy, an economic downturn means the motivation to make money is there, and an insider has the means to bypass perimeter security measures and get the malicious code right into the heart of an organization's network.
Remote work makes ransomware defense tougher
Of course, many networks already have measures in place to try to mitigate the threat of ransomware. These include early detection, as well as backups from which encrypted data can be restored – although backups have been targeted by ransomware attackers too, so those systems need to be robust.
But the rise in home working arrangements means that in many cases these measures are less effective than if employees were working from within the network perimeter.
Malware authors are also getting sneakier and more sophisticated, and many strains of ransomware not only encrypt an organization's data but also exfiltrate as much of it as possible.
An enterprise that falls victim to an attack may be able to get back in business without paying a ransom – eventually – by restoring data from backups. But even if it can do this successfully, those responsible for the attack will still have a copy of some or all of the data, which they can threaten to make public or sell to other criminals if a ransom is not paid.
And it gets worse. Ransoms are skyrocketing as criminals look to extort hundreds of thousands or millions of dollars from organizations, rather than the hundreds or thousands of dollars that were more common a few years ago, according to Jonathan Holmes, a supervisory special agent at the FBI Major Cyber Crimes Unit.
They are also getting more sophisticated: some ransomware operations go so far as to have "customer service" representatives who are there to help companies negotiate a "fair deal" for a satisfactory outcome, according to Jason Conboy, of the Department of Homeland Security (DHS) investigation division.
The upshot of this is that network professionals of all types – administrators, engineers, architects, security specialists and so on – need to be on their toes now more than ever, doing as much as possible to protect the network and reduce the chances of falling victim to ransomware.