Alarming Ransomware Tactics Make Cybersecurity Even More Critical

Ransomware is getting real.

Not that the costs and disruption of a ransomware attack weren’t high before. According to the law firm Fisher Phillips, victim organizations forked over $1.1 billion in ransom payments in 2023, with the average payout totaling almost $750,000. The average total cost of a ransomware attack, including response, notification, recovery and lost business, exceeded $5 million.

These increased payouts are coming from fewer victims. According to a new report from Coveware, just 28 percent of victim organizations paid the ransom in the first quarter of 2024. Organizations recognize that paying the ransom is no guarantee that the attacker will provide the decryption key, or that the attacker won’t strike again. Organizations are also becoming more able to restore their data and operations without a decryption key.

New Tactics from Threat Actors

Now, however, threat actors are resorting to new tactics to extort more money from victims. Many attackers exfiltrate data and threaten to expose it if the victim doesn’t pay. Some are engaging in “triple extortion” by also threatening to launch distributed denial of service (DDoS) attacks that would render systems inoperable.

The Russia-linked CL0P ransomware gang is now using “quadruple extortion.” If the above techniques don’t compel the victim to comply, CL0P will notify customers, business partners, the media and other groups that the organization was attacked. Cybercriminal group BlackCat went even further, filing a Section 8-K disclosure with the Securities and Exchange Commission (SEC) on behalf of the victim.

Most alarmingly, another gang that attacked a cancer center sent messages to patients demanding $50 to prevent leaking their data. The gang then made false hostage reports and bomb threats, hoping that law enforcement would storm the patients’ homes!

Protect yourself: the average total cost of a ransomware attack, including response, notification, recovery, and lost business, exceeded $5 million.

There’s no negotiating with these threat actors. Ransomware-as-a-Service operators are demanding bigger cuts from the hackers who use their services, so small-scale attackers are resorting to more primitive techniques. Rival gangs are battling one another for payouts. Even if one gang agrees to return the victim’s data, a second group may expose it anyway and demand another ransom.

Organizations should make it a top priority to protect their systems and data against ransomware. Experts recommend these seven basic strategies:

1. Use strong, unique passwords for every system and device connected to the network, including Internet of Things (IoT) devices. Require multifactor authentication for sensitive systems and remote access. Strictly limit the number of users who have administrator-level privileges. Regularly review privileges to ensure that they are appropriate, and promptly remove inactive accounts.
2. Monitor the network for unauthorized devices and software and suspicious activity. Keep firmware, operating systems and applications up to date and patched. Segment the network to prevent attacks from spreading laterally.
3. Implement advanced tools for threat detection and response. Legacy antivirus software that relies on known malware signatures is no longer adequate to protect against evolving threats.
4. Use automation and artificial intelligence to detect threats faster and more accurately. Finely tune these tools to reduce false positives. Utilize analytics to assess and prioritize threats.
5. Secure data across the extended enterprise, including user devices and the cloud. Back up data regularly and test backups frequently. Follow the 3-2-1 rule: Keep three copies of data on two different media with one copy offsite. Secure backups by encrypting them, keeping them offline or using immutable storage.
6. Provide users with regular cybersecurity training. Ransomware attacks are frequently deployed through phishing emails, so users should know how to recognize these tactics.
7. Develop, maintain and test an incident response plan. The plan should include procedures for responding to ransomware attacks and notifying appropriate individuals. Conduct a “table-top exercise” at least once a year.

Develop a Cybersecurity Strategy with GDS

GDS is here to help you develop and implement a comprehensive cybersecurity strategy to protect your IT environment. We offer a range of managed security solutions and services backed by our expert team. Contact us today for a confidential consultation.

Benefits of Managed IT Services from Global Data Systems

• Strategic Managed IT: We help you solve your technology related business problems.
• Connectivity: We get you reliable, secure connectivity anywhere in the western hemisphere in 48 hours.
• Support: When you need help simply call our 24x7x365 support number.
• Billing: Instead of managing hundreds of vendors - get one, easy to read bill from GDS.

Contact Managed Services Provider, Global Data Systems >