Encryption experts offer critical steps to fight ransomware

New whitepaper from iStorage urges businesses to adopt more robust measures as rapid rise in ransomware attacks expected in 2023.

A new whitepaper to help businesses adopt more robust measures in the fight against ransomware has been published by iStorage, hardware encrypted portable data storage and cloud encryption solutions company. With an alarming rise in the sophistication and frequency of ransomware attacks expected in 2023, businesses of all sizes need to urgently familiarise themselves with the necessary steps to fortify their security posture.

Ransomware is expected to move into the mainstream with cyber criminals getting bolder, as Ransomware-as-a-Service (RaaS) - which sees ransomware authors offering clients off-the-shelf malware variants, expertise from the cybercrime community and databases full of credentials - puts the means to implement an attack into the hands of many more prospective perpetrators from the lone wolf to state-sponsored hacktivist groups.

CEO of iStorage, John Michael, explains: “Put simply, 2023 will see the coming together of the means, motive and opportunity when it comes to executing ransomware attacks. The growing social unease and tense geo-political relations that may cause grievances, the lucrative gains to be made, and now easy access to ransomware technology are a toxic combination that should be a cause for concern for cyber security and IT professionals.”

A single ransomware attack can net perpetrators millions of dollars, with recent attacks demanding upwards of US$70 million and cybercrime itself costing organisations $6 trillion per year in global damages. The European Union Agency for Cybersecurity, ENISA, says ransomware now “ranks as a prime threat” in the cybersecurity landscape.

Businesses across the UK could quickly find themselves in the firing line if defences are weak and left vulnerable. They need to recognise the characteristics of an attack through a better understanding of the evolving threat vectors, improved security policy and a dynamic incident response plan to reduce impact. Urgent action will be needed to stave off business downtime, financial loss and reputational damage.

Malware authors are flush with more directions of attack – and potential vulnerabilities lurking in a wider range of easily-accessed systems – than ever before. Ransomware spreads through various means, including phishing emails with malicious links or attachments, portable computers, exposure to public Wi-Fi, and Zero-Day vulnerabilities. Malicious threat actors are moving from simply locking down data to employing double and triple extortion tactics, whereby they intend to steal, threaten to share that information, and also make ransom demands against a business’s third-party clients.

Phishing attacks are also becoming more complex as technology evolves. For example, Spear phishing - crafting targeted attacks on individuals by aping high-level employees - can now be automated via AI to generate conversion rates of up to 80%. AI has been used to emulate the voices of CEOs making phone-based phishing (known as vishing) truly effective. And as the power of AI grows, such deep fakes will infiltrate video calls too.

John Michael elaborates, “The richest prizes have come from those with the highest level of access, and hackers now perform detailed reconnaissance on key targets. It has never been more imperative, therefore, to adopt a never trust and always verify stance with regards to access permissions. Firmly locking down access to an organisation’s data requires implementation of a Zero Trust strategy, with consistent encryption and a stringent backup policy. By doing nothing and assuming that an attack is something that will happen to other businesses will mean the situation becomes far worse in 2023.”

Taking a Zero Trust approach minimises the possibility of an IT infrastructure attack by removing any implicit trust. Every device, user, platform, tool or vendor must clearly demonstrate its security credentials. Employees must be trained to understand this, and a workplace culture must be built around cyber hygiene and resilience.

Share

Featured Articles

Tech & AI LIVE: Key Events that are Vital for Cybersecurity

Connecting the world’s technology and AI leaders, Tech & AI LIVE returns in 2024, find out more on what’s to come in 2024

MWC Barcelona 2024: The Future is Connectivity

Discover the latest in global technology and connectivity at MWC Barcelona 2024, where industry giants converge to discuss 5G, AI and more industry trends

AI-Based Phishing Scams Are On The Rise This Valentine’s Day

Research from Egress Threat Intelligence, Avast, Cequence Security & KnowBe4 outlines how AI is being used in dating app phishing scams on Valentine’s Day

Speaker Lineup Announced for Tech Show London 2024

Technology & AI

Darktrace predicts AI deepfakes and cloud vulnerabilities

Cloud Security

Secure 2024: AI’s impact on cybersecurity with Integrity360

Technology & AI