In response to the increased use of offsite and offline backups, cybercriminals adapted and developed a new approach to conducting ransomware attacks during 2020. Known as double extortion, some cybercriminals are first engaging in data exfiltration before encrypting an organization’s systems. This compromises databases, password lists, and Office documents, along with locking up your systems. Through data exfiltration, cybercriminals gain leverage over your organization through the threat of leaking or auctioning off sensitive data, regardless of whether your organization’s data is backed up. To make matters worse, third-party targeting and the increased use of remote work have increased organization’s risk of being affected by double extortion attacks going into 2021.
In the past, companies have used offline backups as a second line of defense to mitigate ransomware breaches. When a breach is sustained, backed up organizations can prevent the loss of crucial information, get their systems back online more quickly, and minimize business disruptions. In the event of cyber-extortion, however, an organization is forced to pay a ransom despite being backed up in order to protect sensitive information from being leaked.
Furthermore, cybercriminals have been targeting third-parties to get to your organization. Third-parties can be soft targets for data exfiltration and often cause breaches that impact other organizations. The implications are that, although your organization secures its network and follows the best practices, third-parties, business partners, and clients can still compromise your data. This can result in your organization becoming a collateral victim of a double extortion style ransomware attack, amongst other threats.
Lastly, ransomware attacks have been exacerbated by the global shift to remote work caused by the COVID-19 pandemic. According to a survey conducted by Skybox, this shift to remote work isn’t going anywhere, as 70% of organizations are expecting at least a third of remote workers to remain in the coming 18 months. These long-term remote workers need access to enterprise networks and sensitive data to function properly. This is concerning for organizations, as human error is one of the most common causes of network breaches, and remote employees are even more likely to cause breaches via phishing attacks, password sharing, and the use of personal devices.
Despite these risks, there are measures your organization can and should implement in 2021 to protect itself. The first of these measures is providing employees, especially remote workers, with adequate cyber training to recognize and report threats, which is essential to building a strong frontline against cybercriminals. As third-party breaches continue to become more common, organizations should view third-parties as an extension of themselves. It’s vital that you understanding your data’s value, who has access to it, what they can do with it, and if they can be “trusted”. Implementing proper vendor management and vetting your third-party vendors is key to mitigating collateral damage your company could sustain from third-parties. Lastly, coupling these efforts with security monitoring, detection, and incidence response preparedness is paramount to solidifying your organization’s security.
“Ransomware attacks happen every day and take months to recover from. The encrypting of your files is the last thing that happens. It is important to fully understand the precursors to ransomware attacks. You can lock down your ports and protocols like RDP and SMB but should watch for unexpected use of tools such as network scanners, remote tools such as PSEXEC and the use of PowerShell. Use application directory allow listing and restrict where applications can run from and whitelist software that’s allowed within your organization.”
Eric Peterson, Secuvant’s Director of Security Operations
Double extortion style ransomware attacks are but one of many cyber threats threatening your organization this year. If one thing is certain about 2021, cybercriminals will and are currently developing new ways to disrupt your organization. Acting proactively by implementing effective cybersecurity measures is the best way to thwart these attempts. Secuvant can help your organization do precisely that. No matter your size, Secuvant works with your organization to develop a personalized plan that fits your budget and ensures you’re covered and prepared for whatever comes your way. With the impending threats set to arise in 2021, it’s crucial to be proactive before it’s too late. Click here to learn more about Secuvant’s superior cybersecurity services, how we can benefit your organization, and to talk to a Secuvant Expert today.
Located in Salt Lake City, Utah, Secuvant is a global leader in integrated cyber threat analytics and risk advisory services, built on a value system of client focus, integrity, accountability, execution, and teamwork. Secuvant’s mission is to provide clients with a Clear Path Forward in their pursuit of establishing an acceptable security risk posture. Secuvant’s success is built upon strict adherence to its values, a functioning world-class advisory board, the unique combination of cybersecurity expertise and industry / vertical specialization, and a team of experts that repeatedly deliver best-in-class managed and advisory cybersecurity and risk services. Secuvant understands Cyber Risk is Business Risk™ and uses methodologies and metrics to minimize business risk. Services include, but are not limited to, Security Gap and Risk Assessments, Risk Program Management, Executive and Board Cyber Advisory, Penetration Testing, Security Monitoring, Managed Detection and Response and Incident Response services. To learn more, visit www.secuvant.com.