Ransomware continues to be a major problem for modern organizations, and it is unlikely to disappear in the foreseeable future. Recently, several reports have highlighted how potent ransomware is at disrupting businesses and creating panic. For example, there’s news of ransomware gangs exploiting zero-day vulnerabilities in VPNs and cybercriminals targeting MS SQL servers to distribute ransomware.
Ransomware attacks are projected to cost organizations $265 billion by 2031. Ransomware is one of the most destructive cyber attacks. It inflicts financial and reputational damage on organizations, including losses and expenses incurred from operational disruption, remediation, decontamination, and recovery efforts. These damages are compelling enough reasons to work hard to develop effective solutions against ransomware attacks. The solutions available now are still insufficient, as the ransomware problem remains.
Here’s a rundown of the key reasons why ransomware continues to be a major threat even with the advancement of cyber defenses. Knowing these crucial reasons can help organizations develop bespoke solutions that work optimally for specific circumstances.
The constant evolution of ransomware tactics
One of the biggest reasons it is difficult to stop a ransomware infection in its tracks is the ceaseless evolution of ransomware delivery strategies. Cybercriminals always develop novel and innovative ways to infect devices and systems. They employ complex techniques that help evade detection and ensure that the encryption process proceeds unnoticed.
Also, some ransomware attacks are paired with other attacks that serve as a smokescreen. A couple of years back, there were reports of rising incidents of ransomware-DDoS tandem attacks. Aggressive DDoS attacks are launched to throw off cybersecurity teams and create openings for ransomware infection.
Moreover, ransomware perpetrators employ a scheme called “double extortion.” Here, a ransom is demanded to decrypt the encrypted files, but the attacker also steals the victim’s data. If the victim pays the ransom, the attacker proceeds to demand another ransom to prevent the spread of confidential or sensitive data.
The evolving nature of ransomware tactics should be met with evolving ransomware solutions. These enhanced solutions usually come with a zero-trust architecture, AI augmentation, and support for behavioral analysis, sandboxing, continuous monitoring, and efficient incident response plans.
The double-edged nature of anonymity and cryptocurrency
The last comprehensive survey on internet users’ opinions on anonymity dates back to 2013. A Pew Research Center study revealed that nearly 9 in every 10 internet users want to maintain anonymity online. The numbers for anonymity preference have dropped over the years, with one UK study saying that preference for it is no longer the majority opinion. Still, the desire to be anonymous on the web is strong. After all, policymakers have not shown keenness in cracking down on anonymous internet users.
There are benefits to remaining anonymous, but there are also serious drawbacks. Identifying and tracking the people behind ransomware attacks is difficult because ransoms can be paid through anonymous transactions, particularly cryptocurrencies. It is unlikely that anonymity and crypto will be outlawed or heavily regulated.
The imposition of heavy penalties is unlikely to prevent ransomware attacks since it is extremely challenging to identify the culprits. As such, solutions focus more on prevention and detection, which tend to be weakened by the constant evolution of ransomware tactics.
Highly viable cyber attack
Ransomware attacks are generally motivated by financial rewards. Perpetrators launch attacks to get paid in exchange for the key to decrypt the encrypted files. The ransoms demanded are often significant. One report says that the average ransom demanded by threat actors reached $13.2 million in 2022.
In other words, ransomware is a highly viable attack option for cybercriminals. That’s why many are enticed to get involved with it. The “profits” are relatively big, direct, and easy to get compared to other attacks. Notably, entities that provide ransomware-as-a-service have mushroomed, taking advantage of the tendency of many organizations to pay the ransom.
Victims paying the ransom
Government agencies and cybersecurity pundits repeatedly advise those who have become victims of ransomware attacks not to pay the ransom demanded from them. However, many go against this advice and pay the ransom in exchange for the “quick recovery” of their encrypted files. Data accumulated over the years show that the number of ransomware victims who paid the ransom has increased. This is certainly a major motivating factor for ransomware attack perpetrators.
There are many reasons why it is important to refuse ransom payments. For one, doing so is an important step in making ransomware less viable. Theoretically, attackers will eventually stop launching ransomware attacks if nobody or only a very few victims pay the ransom. Another important reason not to pay is that recovery may not be immediate. In the case of the Colonial Pipeline attack, for example, the company opted to pay to start the recovery of its files. However, the decryption process was extremely slow, so the company had to turn to other options to recover its files.
Additionally, paying the ransom appears to encourage the attacker to attack again. A 2022 study found that 80 percent of those who paid ransom were attacked again by the same perpetrators, and 40 percent ended up paying the ransom again.
Poor cybersecurity awareness and practices
Social engineering tactics such as phishing emails often deliver ransomware to devices. Unfortunately, many still have a hard time instinctively detecting these attacks. They continue to click on suspicious links and download files carelessly, unwittingly facilitating the introduction of ransomware into their systems.
As in most other types of cyber attacks, the human factor plays a major role. Many ransomware attacks succeed in infecting devices and systems because of an organization’s lack of cybersecurity awareness. Also, many organizations have inadequate security measures to prevent the spread of malicious software. Some even downplay ransomware threats because they believe they are unlikely to be targeted.
Anyone can be a target
Ransomware attacks are mostly random. The target victims are not chosen based on size, profitability, or other criteria. In most cases, attacks are launched against anyone vulnerable. Those who become victims are those who have an inferior security posture. Attackers look at attack opportunities, not specific criteria or metrics. They attack individuals, small businesses, large corporations, government institutions, NGOs, and others storing important data. This diversity makes developing a uniform defense strategy challenging, as each target type may require unique mitigation measures.
In summary, addressing the ransomware threat is a challenging task. Many tools or cyber defense platforms can be used against it, but their effectiveness is limited. Ransomware tactics ceaselessly evolve, and perpetrators of the attacks easily develop new strategies to find and exploit vulnerabilities. It does not help that many continue to lack adequate cybersecurity knowledge, and most governments refuse to rein in anonymity online. However, this does not mean that ransomware is unbeatable. The right tools, cybersecurity knowledge, security best practices, and stricter laws and regulations can provide a formidable defense against ransomware.