In an ever-evolving world of attack types and threat actors, businesses are having to maintain extra vigilance. From popular DDoS (Distributed Denial-of-Service) attacks that flood the host’s network until it crashes, to specialised ransomware actors looking for a quick buck, every organisation that has sensitive data is a target.
By Darren Thomson, field chief technology officer for EMEAI at Commvault
As if the threats that have evolved over the past few years were not concerning enough, a notable trend is emerging, one that has direct implications for businesses of all stripes and sizes.
Ransomware and data breach techniques are getting a modern makeover. Traditionally a malware tool favoured by cybercriminals to extort money from organisations, ransomware has relied on data encryption techniques to hold companies hostage.
The encryption essentially seals (or locks) the data so that the bad actor can demand a ransom from a company in return for unlocking the data and allowing the business to resume normal operations.
Now, a new form of data breach is starting to occur, only without the encryption element. These ‘extortion’ or ‘exfiltration-only’ attacks do not encrypt the data they steal, yet the attackers are still able to demand a ransom from the companies they target successfully, by exfiltrating targeted data sets and replicating them in the criminals’ own network.
Just like any other business
According to IBM, the average cost of a ransomware breach was $4,45-million last year, a 15% increase in the last three years. For businesses, alongside the reputational pain of an attack is a deep financial burden.
To understand the swing to encryption-less ransomware attacks, we need to understand exactly the type of threat actors we are dealing with.
Ransomware attacks are not normally perpetrated by a single threat actor. They are usually carried out by groups that are just as much businesses as the ones they are stealing from; they are profit-led, strive for efficiency, and care about their return on investment. Some hire sub-contractors for certain tasks, have reconnaissance teams to look for data sets, and even have their own PR and advertising companies.
All of this, naturally, costs money.
When you add to this the expense of encrypting a company’s stolen data, staging a modern ransomware attack can be a costly business, and moving to an encryption-less ransomware model gives hackers some major financial benefits.
Encryption is a costly game
Encrypting data is time-consuming, especially when targeting businesses with vast data pools. By avoiding encryption, hackers can swiftly pilfer sensitive information at scale, without the delays inherent in encryption.
Furthermore, while encryption per se may not be expensive, the overall process of deploying and managing the encryption-based software can be resource-intensive and technically challenging. In fact, history has shown us that many ransomware strains had significant faults in their encryption (and decryption) implementations.
These factors combined explain why encryption-less attacks have most likely increased 40% in the last year, as hackers use these techniques alongside encryption-led cybercrime and DoS attacks to maximise returns.
So, how can businesses fortify themselves against this triple threat?
The importance of resilience
Resilience is key. With data distributed across clouds, regions, and apps, ransomware thrives in this hybrid complexity. Businesses must deploy a combination of education, collaboration, cyber deception, and scanning tools to fend off sophisticated attacks.
Proactive threat detection, coupled with robust recovery technology, is essential. Businesses must detect and prevent ransomware or DoS attacks before data compromise occurs, then swiftly and securely recover data post-attack.
Without these measures, businesses are vulnerable to the triple threat of encrypted and encryption-less ransomware and DoS attacks. As extortion attacks rise and cybercrime grows increasingly sophisticated, businesses cannot afford to delay. It is time to take control of their data.