Once a niche criminal enterprise, ransomware has become big business, complete with R&D departments and sales and marketing divisions.
The deeply layered onion that is today’s ransomware attack landscape has been wreaking havoc in large enterprises in South Africa and across the globe. Patrick Evans, CEO of SLVA Cybersecurity, says it only takes two hours to determine whether a network’s endpoint protection can be circumvented and if the organisation has controls in place to stop the encryption and ransomware behaviour.
“Understanding an organisation’s current environment, and the likely costs of a ransomware attack, is crucial to making a more informed decision concerning security,” he added.
Evans says the recent ransomware attack on TransUnion has undoubtedly raised concerns among enterprises about their own potential security vulnerabilities. Irrespective of the amount of protection currently in place, ransomware has evolved into a complex and sophisticated form of organised crime.
“While many people believe the victims of ransomware have not secured their networks, the truth is most organisations have made significant investments in information and cyber security. Features such as firewalls, endpoint protection, intrusion detection, patch management, and many others are all in place and form part of the organisation’s layered defence,” explains Evans.
In addition, large enterprises typically have teams of experts running security operations, governance and compliance programs, and more than likely have a CISO playing the critical role of information security executive.
“There is no doubt that the majority of businesses today know that the weak link is the human element which poses a tremendous risk to the safety of the overall company. For these reasons they have run security awareness programs for well over a decade, all with the aim to make their employees and contractors aware of the risks they create when clicking on a link in a document or having easily guessable passwords,” he says.
Yet, with such extensive measures in place, the question as to how ransomware attacks happen remains. As with any organised crime unit, there usually is a syndicate at work.
These syndicates are made up of experts who know their way around a complex digital world, and it is this complexity, with its multiple layers, that makes it easy for criminals to strike successfully. A typical IT environment includes endpoints, servers, mobile devices, networks, multiple applications, cloud, and service providers.
Every individual item develops vulnerabilities that attackers can use to gain access to the network, endpoint or server. There are also other vulnerabilities that need to be patched, which, in itself, is a complex task, according to Evans. “Today, it is virtually impractical to patch everything all the time, so patching needs to be prioritised, based on the likelihood and impact of an attack. This requires intelligence about what is actually happening and needs to be collated, interpreted and insights derived in real-time,” he noted.
Legitimising the business of crime, as with organised crime, now includes ransomware, with these organisations often being registered as legitimate businesses.
“There is nothing subtle about these businesses as their CEOs conduct TV and radio interviews, blatantly operating in countries which have no intention of stopping the activities because they bring in tens of millions of dollars of revenue,” says Evans.