Ransomware in 2022: Developing a Holistic Ransomware Response Plan

June 26, 2022

Four in five Canadian organizations report detecting ransomware attacks, but only two in five believe that they are aware of all attacks on their system. This makes it clear that ransomware is a significant risk to your organization and that you need a ransomware response plan.

Long gone are the days when ransomware proliferated via randomized email campaigns. Cybercriminals are becoming increasingly sophisticated, and they are going after businesses that have a lot more to lose than individuals do. That’s why every organization needs a holistic ransomware response plan built into its cloud infrastructure.

Read on to learn more about how ransomware has changed over the years, what current ransomware attacks look like, and how you can protect your cloud infrastructure with a comprehensive plan.

How Ransomware Has Evolved: A Brief History

Ransomware started back in 1989, with the first ransomware being uploaded onto floppy disks. In the mid-2000s, ransomware continued, with email-based phishing attacks being used as the infiltration point. These attacks tended to target random, individual users, and the payments demanded were low — between $100-300.

The development of cryptocurrency not only provided a more secure and untraceable way to receive payments, but it also helped cybercriminals utilize the blockchain to deploy more sophisticated encryption tools.

By 2018, cybercriminals started to strategically attack organizations. The organizations typically targeted by ransomware criminals store and process private and sensitive data — like schools and hospitals. Due to the sensitive nature of the data held for ransom, ransomware attacks on organizations come with much larger ransom demands — typically in the thousands.

The rise of these attacks has prompted many organizations to integrate a ransomware response plan into their cyber security strategy.

Ransomware in 2022 and Beyond

Today’s ransomware attacks are nuanced and sophisticated. Cybercriminals look to exploit the weakest points of overlap in your system, for maximum disruption. These kinds of attacks can lead to reputation-destroying data leaks and weeks of delays until all systems are up and running again. Because of the high stakes of the data being exploited in these attacks, the payments being demanded are higher than ever.

Developing an effective ransomware response plan includes knowing what kinds of attacks are commonly used today. Current ransomware attacks employ strategies like triple extortion, RaaS (Ransomware as a Software), and name-and-shame tactics.

Double or triple extortion takes advantage of the sensitive nature of data — whether it be user logins, health data, or demographic data — to extort multiple payments. The first payment is to decrypt the affected data so you regain control of your systems, and the remaining payments are to ensure that the stolen data is erased from the attacker’s database instead of being sold off or released to the public. This takes advantage of a less sophisticated ransomware response plan that only takes into account a single payment in exchange for decryption.

RaaS is a complicated scheme where cybercriminals lease out the software so that less tech-savvy individuals can launch their own ransomware attacks. This allows a lot more ransomware attacks to occur, by removing the need for technological know-how.

Lastly, the name-and-shame tactic — often used in conjunction with double/triple extortion — searches for the most sensitive information your organization has and demands payment in exchange for that information not being leaked to the press. The kind of information targeted by these attacks includes mergers that have not yet been made public, changes in organizational structure, or information on any perceived wrongdoing.
These attacks have the potential to ruin your brand’s reputation or have significant financial impacts.

As ransomware operations become more and more sophisticated, so too must the tools that prevent, identify, and respond to these threats.

Developing a Holistic Ransomware Response Plan In Your Cloud Infrastructure

Cloud systems are not immune to ransomware attacks. As more and more data is being stored in the cloud, cybercriminals are shifting their attacks to specifically target cloud systems for maximum destruction.

The key to an effective ransomware plan is to implement a holistic approach that fights ransomware at every step of the way. This requires a comprehensive ransomware response plan in the design of your cloud infrastructure, as well as 24/7 monitoring to detect and stop attacks as they occur.

Carbon60 prioritizes cloud security every step of the way. We implement the NIST Framework, a holistic approach to cyber security that focuses on the five pillars of strong cyber security: response, identification, detection, protection and recovery.

With Carbon60, it’s not just about responding to ransomware attacks. We also provide:

- Training for your team to prevent attacks as a result of social engineering.
- A plan for early detection and 24/7 monitoring.
- Vulnerabilities testing to identify potential weak points in your system.
- Early detection of threats and robust containment.

We leverage our knowledge of complex cyber security practices to create a holistic ransomware response plan that keeps your cloud infrastructure safe. We provide 24/7 monitoring, as well as yearly audits to ensure that you’re ready for the next evolution in ransomware attacks.

Want to know more about current and future ransomware attack vectors? We partnered with IDC and CIO to put together a panel of Canada’s top IT security executives to discuss cyber security. Check out the replay here.