The modern era of ransomware has become increasingly targeted. In the early days, ransomware was distributed indiscriminately \u2013 aimed at anyone and everyone it could reach. Attackers would encrypt data using unsophisticated methods and hope for a pay out of maybe \u00a3300. Their sometimes rudimentary encryption methods meant that cybersecurity experts could not only detect the threat but could often also decrypt the data \u2013 a near impossibility today.<\/p>\n
Ransomware developers have since realised that there is much more money to be made by targeting specific organisations. Instead of a few hundred pounds, they can get hundreds of thousands of pounds, and even millions in some cases. The number of ransomware samples and blocked attacks<\/a> is on a downward trend but this is only because attackers are focusing on more strategic and impactful attacks rather than on quantity.<\/p>\n The 2017 WannaCry ransomware epidemic<\/a> underlined the impact that a ransomware attack can have on organisations. WannaCry affected 230,000 computers around the world in total, but showed the catastrophic impact on specific organisations. The ransomware affected thousands of NHS hospitals and surgeries across the UK and reportedly caused ambulances to be rerouted. The NHS is estimated to have lost \u00a392 million as a result and the global cost of related attacks was estimated at $4 billion.<\/p>\n In some instances, this ransomware isn\u2019t even necessarily designed to get money <\/a>\u00a0\u2013 just to sabotage IT systems. This was the case with NotPetya in 2017, which had a significant impact on a number of organisations. For example, hipping company, Maersk lost between $200 and $300 million<\/a> as a result of this ransomware attack.<\/p>\n Networked vs. hierarchical structure<\/strong><\/p>\n When most people imagine these ransomware gangs, they picture an Ocean\u2019s Eleven-style set up, run by a great criminal mastermind \u2013 and for law enforcement agencies, this would be a far easier adversary to overcome. Instead, ransomware has evolved from individual hierarchical structures into a fully-fledged modular ecosystem\u2013 a whack-a-mole system of replaceable players.<\/p>\n The players within this whack-a-mole ransomware ecosystem. (full research available here<\/a>)<\/p><\/div>\n \u00a0<\/p>\n How do cybersecurity experts advise as best practices in this climate?<\/strong><\/p>\n With today\u2019s ransomware, cybersecurity experts are rarely able to find a mechanism for decrypting data. This makes backups, a proactive defence plan and crisis management plans imperative.<\/p>\n To pay or not to pay?<\/strong><\/p>\n Ramsomware gangs are making millions of pounds<\/a> and, even scarier is the prospect of what they can do with those earnings in terms of reinvesting into their own R&D. Our latest research<\/a> found that nearly 75% of UK organisations paid the attackers in order to get their data back. However it is good practice to avoid paying ransoms because this is the oxygen that keeps these groups alive.<\/p>\n Nevertheless, vulnerable organisations are put in extremely difficult circumstances \u2013 particularly those operating critical infrastructure facilities \u2013 because of the impact on business continuity and <\/a>subsequent reputational damage. It is worth noting that Kaspersky was a founding member of NoMoreRansom<\/a>, now a broad consortium of industry and police bodies providing free decryptors for victims of ransomware attacks.<\/p>\n As ransomware groups become increasingly formidable, it is the duty of those in the cybersecurity sector to ensure that they are at the forefront of industry trends, developing new and innovative solutions to protect our increasingly interconnected world.<\/p>\n How do we encourage the next generation of cybersecurity professionals?<\/strong><\/p>\n Many people think that they need a computer science degree in order to enter the profession. However, there is a variety of different roles within the industry and a broad range of skills that are needed: not just mathematicians, cryptographers and programmers, but people with writing skills, communications skills and more. Technical skills are important, but equally so is curiosity. For anyone aspiring to a career in cybersecurity, I would recommend Jessica Barker\u2019s \u201cConfident Cyber Security: How to Get Started in Cyber Security and Futureproof Your Career\u201d<\/a>.<\/p>\n The way we handle ransomware has completely changed in the last 15 years or so. The next generation of cybersecurity professionals has a daunting task ahead, staying one-step, and preferably a few ahead of ransomware gangs and other types of attacker. Just as they are evolving, so too is our industry. Every year our abilities to defend against cyber-attacks becomes stronger and more innovative.<\/p>\n Today\u2019s cybersecurity solutions go way beyond the old-fashioned pattern detecting approach characterised as \u2018anti-virus\u2019 \u2013 including the use of generic detection, heuristics, behavioural analysis, emulation and sandboxing techniques. Our experts are continually developing new systems to stay ahead of the latest threats.<\/p>\n![\"\"](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2022\/05\/13144426\/botmaster-1024x513.png\")
\n
\n