Ransomware Cases Now Handled the Same Way as Terrorism Cases

Ransomware has advanced from an irritating annoyance to a legitimate global threat, with the U.S. Justice Department officially going on the record and establishing that future ransomware investigations will be handled the same way that terrorism cases are now. Listed below is a review of the reasons behind this policy change and how your company should respond.

How Much Worse Has Ransomware Gotten?

Ransomware was never something to be trifled with. On the other hand, compared to the attacks we’re seeing today, the attacks of the past seem to be small potatoes at their worst. Having your organization's data encrypted is bad; but crippled supply chains and interrupted national infrastructures (as we’ve seen in the recent attacks on JBS SA and Colonial Pipeline) are undoubtedly worse.

The dangers that such ransomware attacks pose cannot be understated, and no business is truly safe. The White House recently said as much in their warning to companies in regards to their cybersecurity preparations.

This is Why the US Justice Department is Speaking Out

Understandably concerned about the ramifications such threats could easily pose to national security, the Department of Justice has joined with the White House to draw a line in the sand. As their way of responding to what they accurately described as a “growing threat,” investigations into ransomware cases will now be handled similarly to how terrorism cases are; all stops taken out in terms of what tools are used.

Other Governing Bodies are Following Suit

Similarly, in response to the JBS hack and the potential economic ramifications it will likely cause, the US Congress is now considering the lack of federal oversight into the cybersecurity protections implemented by meat processors. Such oversight could help to create a more unified strategy to help prevent and mitigate these kinds of attacks and their widespread impacts.

Ransomware Threats are Also Getting Worse

In addition to many ransomware attacks being waged on bigger, higher-value targets, the strategies involved across the board are evolving. Just consider the ideal progression of a ransomware attack from the attacker’s perspective.

1. Utilize ransomware to encrypt a targeted system
2. Threaten to delete all contents of a targeted system if a ransom isn’t paid
3. Profit

Understanding this, the consensus amongst security-minded businesses was that keeping an isolated backup was the perfect failsafe against such an attack. After all, with the backup to fall back on, the encrypted data could be deleted and replaced with relatively minor cost to the business. This is one of the many, many reasons we always recommend a business to keep a backup squirreled away.

Alas, as will always be the case with cybercriminals, these practices encouraged them to adapt their processes. Lately, more and more attacks are following a slightly different method than what we’ve been seeing:

1. Steal data from a system, using ransomware to encrypt it after the data has been harvested
2. Threaten to delete all contents of a targeted system if a ransom isn’t paid
3. Profit
4. Threaten to leak or sell the stolen data unless a second ransom is paid
5. Profit again

This double-attack approach to ransomware first appeared in late 2019, and has exploded since. One recent survey found that 77 percent of ransomware attacks now come with threats to leak data if a ransom isn’t paid. This same survey also revealed that such attacks are increasingly directed against SMBs, who have significantly fewer resources than enterprise-level targets.

So, if keeping a backup no longer helps to squash the entire threat, what can a business do?

How a Business Can Resist Ransomware

First, it will help to comprehend how the majority of modern ransomware attacks begin. About half are enabled by a cybercriminal’s ability to compromise remote desktop software (via stolen or guessed access credentials, or through an unpatched vulnerability). This means that any business can more effectively prevent ransomware by reinforcing its password security and user management.

By implementing password requirements that better align to best practices and then reinforcing them via two-factor authentication measures, your business can help eliminate much of the risk of an insecure password. Supplementing these measures with a password management platform can make it that much simpler for your users to utilize sufficiently secure identity authentication, benefitting your business considerably.

Finally, it helps to invest in a dark web monitoring service, as this can help you identify if any of the passwords or data that your business relies on has been compromised and exfiltrated. While it won’t help to undo any damage that has already been done as a result, this knowledge can help you identify your weak points and resolve them.

While we wish we could say that this is the last time that a cyberattack method will ever get progressively worse, we simply can’t, so we all need to do whatever we can to stop them. That’s where Macro Systems and our services come in. Learn more about what you need us to do by calling 703-359-9211 today.