Ransomware 3.0 – Where the CISO’s most feared scenario goes next
Ask any CISO what keeps them awake at night and the answer is bound to be ransomware. A proven money-maker for cybercriminals, ransomware can be devastating to your business – it can wipe out core operational systems, cost you millions of dollars to recover from, and result in a stock downturn and job losses. And it should be entirely avoidable.
A brief history of ransomware
Ransomware 1.0 really kicked in with the advent of cryptocurrency, which allowed cybercriminals to monetize their attacks anonymously. In this first iteration, the malware was sent out into the wild in massive quantities of malicious emails and would demand payment from whatever machine it happened to infect. This reached a peak in May 2017, when the global WannaCry outbreak used an automated attack mechanism to infect hundreds of thousands of machines, spreading panic across the security industry and impacting critical national infrastructure like healthcare institutions. Unprecedented in its scale, WannaCry underlined the fact that ransomware could create massive extortion opportunities against public and private organizations alike.
The current incarnation, often called big game hunting ransomware or ransomware 2.0, is a more targeted and methodical attack. Criminals will compromise an individual endpoint (via email, Remote Desktop Protocol, or a vulnerable internet-facing device like a VPN), enter the network and attempt to hide. Over time they will escalate their access privileges, identify valuable data, exfiltrate information, poison backups, and then plant the ransomware.
When the malware is detonated, the victim has little recourse. Refusing to pay is difficult because backups are compromised and, even if the victim does recover on their own, the attacker will leak all their sensitive data. It’s a bleak situation – and the reason that CISOs the world over fear this very scenario.
So, while this is bad enough, what comes next?
The next stages in ransomware
As cloud adoption has accelerated, partially driven by Covid, firms rely more on third-party systems and data storage. In 2021, we can expect to see ransomware evolve to more aggressively target the cloud infrastructure,…