
    Ransomware Returns With A New Twist: Pay Up or We’ll Publish

    Ransomware attacks have become larger and more sophisticated—and hackers are increasingly stealing sensitive information and threatening to publish it unless the ransom is paid.

    by Mercedes Cardona

    Key Points

    • More ransomware attacks are stealing sensitive information and extorting organizations with threats to leak it online.
    • With more users working remotely during the COVID-19 pandemic, openings for hacking have multiplied.
    • A combination of cybersecurity awareness training and technology can fortify your defenses.

    In May, hackers broke into a celebrity law firm’s network, stole confidential documents related to star clients, and threatened to publicly release the data unless the firm paid a record-setting $21 million ransom. When the demand wasn’t met, the hackers published Lady Gaga’s files and doubled the ransom, threatening to release other data.[1]

    After something of a lull, ransomware has once again risen in importance as a prevalent and serious threat. And in a new wrinkle, hackers are increasingly stealing sensitive information and extorting organizations with threats to tell all.

    A Pandemic of Ransomware

    Among organizations surveyed for Mimecast’s State of Email Security 2020, 51% said they had suffered a ransomware attack that impacted business operations during the past 12 months, suffering an average of three days of downtime.

    The FBI’s Internet Crime Complaint Center has warned that even as the incidence of ransomware held stable or dropped in 2018 and 2019, the complexity of the attacks is on the rise. They are becoming “more targeted, sophisticated and costly.”[2]

    Adding to the problem: With a growing number of employees working from home during the COVID-19 pandemic, hackers have new opportunities to prey on users—although during the early stages of the pandemic this year, many attackers focused on tactics that were even easier to execute than ransomware, such as credential-stealing phishing emails.

    A growing number of cyberattacks in late 2019 using Emotet “malware-as-service” pointed to a likely increase in ransomware attacks this year. In recent attacks, the hackers are more often demanding money in exchange for not releasing private information.

    That prediction has already been borne out recently with attacks on organizations such as Pitney Bowes, Diebold Nixdorf and even the Texas Supreme Court’s website.[3] [4]

    The currency exchange firm Travelex reportedly paid $2.3 million in Bitcoin after a New Years’ Eve attack in which hackers encrypted and claimed to have exfiltrated 5GB of its data.[5]

    Healthcare organizations have also become a prime target during the pandemic. Organizations such as Magellan Healthcare and the European hospital operator Fresenius have suffered ransomware attacks.[6] [7] An industry group formed specifically to protect healthcare organizations from cybercriminals in the wake of this upswing.[8]

    Attacks Are Larger and More Sophisticated

    As studies have pointed out, some recent attacks are larger and more sophisticated. Executives at IT company Cognizant, which suffered a ransomware attack in the first quarter, said it will eventually cost the company $50 million to $70 million in cleanup costs and lost business during the second quarter of 2020, and further costs beyond.

    “Ransomware attacks are becoming all too frequent across industries,” CEO Brian Humphries told analysts. “Nobody wants to be dealt with a ransomware attack. I personally don't believe anybody is truly impervious to it, but the difference is how you manage it. We are using this experience as an opportunity to refresh and strengthen our approach to security.”[9]

    Protecting The Organization Against Ransomware

    Securing against ransomware requires a combination of technology and awareness training, says Dr. Kiri Addison, Mimecast Head of Data Science for Threat Intelligence & Overwatch.

    One of the easiest ways to protect against ransomware is also the simplest: don’t click on suspect attachments or links in email messages. A Mimecast survey of healthcare breaches found 90 percent had faced an email-borne attack last year; the most common attacks involved malicious URLs and phishing.

    Training employees to treat email carefully is the first line of security, because a single employee error is all it takes for malware to get into your network. Recent Mimecast analysis found that awareness training can be extremely effective in reducing unsafe behavior: employees who don’t receive awareness training are more than 5x as likely to click on suspicious links. “Awareness training around these kinds of scams is a big part of security, because human error is a factor,” Addison said. 

    In addition, email security technology can be used to scan for malicious attachments and links in incoming emails. Even if an employee downloads malware in error, advanced email security can prevent the malware from spreading through the organization in internal email or being distributed in outgoing email to customers.

    The FBI has also published a list of best practices to help organizations fight off ransomware attacks, including:[10]

    • Regularly back up data, verify its integrity and store it offline. Backups are the best way to recover data.
    • Patch all vulnerabilities as they are discovered. A centralized patch management system makes this easier.
    • Set anti-virus and anti-malware solutions to update automatically and run regular scans.[11]
    • Configure access to data with the least privilege in mind. No one should have access to files they don’t need.
    • Disable macro scripts from Microsoft Office files transmitted via email. Malware is often concealed as macros.
    • Implement software restriction policies or other controls to prevent the execution of programs in common ransomware locations, such as browsers’ temporary folders and file compression/decompression programs.
    • Implement application whitelisting, so systems will only execute programs known and permitted by security policy.
    • Categorize data based on organizational value, and separate networks and data for different organizational units. Sensitive data should not be on the same server as email.
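
    As an added illustration (not part of the original article or the FBI guidance), the Python sketch below audits process-creation records for programs run from the locations named in the list, with an allowlist for approved software. The log format, path patterns, host names and allowlist entry are constructed assumptions.

```python
import re

# Path patterns for the locations the list names (browser temp folders and
# archive-extraction folders). The exact patterns are assumptions for this
# sketch; order matters, most specific first.
RISKY_LOCATIONS = [
    ("browser-temp", re.compile(r"\\(temporary internet files|inetcache)\\", re.I)),
    ("archive-extract", re.compile(r"\\temp\\(7zo[^\\]*|rar\$[^\\]*|temp\d+_[^\\]*\.zip)\\", re.I)),
    ("user-temp", re.compile(r"\\appdata\\local\\temp\\", re.I)),
]

# Hypothetical allowlist of approved programs (full path, lower-case).
ALLOWLIST = {r"c:\users\alice\appdata\local\temp\corp-updater\setup.exe"}

EVENT = re.compile(r"host=(?P<host>\S+) user=(?P<user>\S+) image=(?P<image>.+)$")

# Constructed process-creation records, not real log data.
SAMPLE_EVENTS = [
    r"2020-06-01T09:14:02Z host=WS-014 user=alice image=C:\Users\alice\AppData\Local\Temp\7zO4A1B2C3\invoice.pdf.exe",
    r"2020-06-01T09:15:40Z host=WS-022 user=bob image=C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
    r"2020-06-01T09:16:11Z host=WS-022 user=bob image=C:\Users\bob\AppData\Local\Microsoft\Windows\INetCache\IE\AB12CD\update.exe",
    r"2020-06-01T09:20:05Z host=WS-014 user=alice image=C:\Users\alice\AppData\Local\Temp\corp-updater\setup.exe",
    r"2020-06-01T09:31:47Z host=WS-031 user=carol image=C:\Users\carol\AppData\Local\Temp\Temp1_docs.zip\scan.exe",
    r"2020-06-01T09:40:00Z host=WS-040 user=dave image=C:\Users\dave\AppData\Local\Temp\a1b2.exe",
]

def classify(image):
    """Return the risky-location label for an executable path, or None."""
    if image.lower() in ALLOWLIST:
        return None  # approved by policy, even though it runs from a temp folder
    for label, pattern in RISKY_LOCATIONS:
        if pattern.search(image):
            return label
    return None

def audit(lines):
    """Return (host, user, label, image) for each event run from a risky location."""
    findings = []
    for line in lines:
        match = EVENT.search(line)
        if not match:
            continue  # skip malformed records rather than failing the run
        image = match["image"].strip()
        label = classify(image)
        if label:
            findings.append((match["host"], match["user"], label, image))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_EVENTS):
        print(*finding, sep=" | ")
```

    Legitimate installers also run from the user temp folder, so the "user-temp" label is the noisiest of the three and depends most on a maintained allowlist.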

    The Bottom Line

    Ransomware is a key element in the rise in cyberthreats surrounding the COVID-19 pandemic. And increasingly, hackers are not only locking up confidential data, but also threatening to publish it online unless the ransom is paid. A combination of awareness education, technology, and the right cybersecurity hygiene can be used to protect against the threat.  

     

    [1] “Celeb Law Firm Refuses Hacker Ransom as Lady Gaga Files Leak,” Rolling Stone

    [2] “High Impact Ransomware Attacks Threaten U.S. Businesses and Organizations,” FBI

    [3] “Package delivery giant Pitney Bowes confirms second ransomware attack in 7 months,” ZDNet

    [4] “Hackers Target Texas Courts in Ransomware Attack,” Courthouse News Service

    [5] “Travelex Paid Hackers Multimillion-Dollar Ransom Before Hitting New Obstacles,” Wall Street Journal

    [6] “Hackers Change Ransomware Tactics to Exploit Coronavirus Crisis,” The Wall Street Journal

    [7] “Hacker hits Magellan Health with ransomware attack,” FOXBusiness

    [8] “CTI League Inaugural Report,” CTI League

    [9] “Cognizant Technology Solutions Corp (CTSH) Q1 2020 Earnings Call Transcript,” The Motley Fool

    [10] “High-impact ransomware attacks threaten U.S. businesses and organizations,” FBI
