By Tamer Odeh, Regional Director at SentinelOne in the Middle East
Ransomware is on the rise again, and dramatically so. A recent industry report found that ransomware attacks increased by 150% in the last year, while blockchain research firm Chainalysis saw a 311% increase, year on year, to the end of 2020 in the number of actual ransomware attacks. These figures illustrate that ransomware is a growing problem, and businesses and organisations of all kinds, public and private, are experiencing its detrimental effects.
Organisations in the Middle East are also facing a “cyber pandemic”, as malicious actors target vulnerable sectors such as finance and healthcare. Ransomware is also a growing concern in the region, as attack frequency and sophistication have risen significantly since last year.
Criminals today will use every last ounce of leverage that they have over their victims to maximise profits and return on investment. In fact, they will use financial and emotional triggers to ensure that the victim feels they have little choice but to pay, and pay quickly. This form of insidious behavior means a ransomware attack can not only leave someone financially vulnerable but also lead to long-term damage to individuals and institutions alike.
Deep Dive: The Colonial Pipeline Ransomware Attack
The recent campaign targeting the Colonial Pipeline in the United States is a sobering example of the extent to which cybersecurity – specifically ransomware – threatens everyday life. There is a lot more to this than encrypted or stolen data. It’s hard to understand the economic repercussions of a disruptive attack on critical infrastructure, whether for financial gain or otherwise. The attack on the Colonial Pipeline was attributed to DarkSide, a relatively new ransomware family that emerged on the crimeware market in November 2020. DarkSide launched as a RaaS (Ransomware-as-a-Service) with the stated goal of only targeting ‘large corporations.’ This meant that the group would sell or lease ransomware to other cybercriminals to launch attacks. From the outset, DarkSide was focused on choosing the ‘right’ targets and identifying their most valuable data. The Colonial Pipeline attack was also regarded as one of the most disruptive cyberattacks in the US oil and gas industry. It impacted the distribution and supply of oil products across the pipeline route. In fact, according to Bloomberg, Colonial Pipeline paid nearly $5 million in ransom to the hackers.
There are many reasons why ransomware is on the rise, and to say it is just down to COVID-19 and employees working from home doesn’t do justice to the real situation. Of course, the pandemic, subsequent movement restrictions, and increased online activity have all contributed to the problem, but none of these explain the “commoditisation” of ransomware as a threat.
Why Are Ransomware Attacks Increasingly Common?
According to PwC, there are three key reasons behind the increase. Firstly, as Ransomware-as-a-Service is becoming increasingly popular, barriers to entry are dropping, allowing relatively unskilled bad actors to access complex tools and the environment from which to run their campaigns. Additionally, as a consequence of these lower barriers to entry, ransomware activities are now more efficient and, therefore, scalable. The rise of RaaS has meant that ransomware activities that were beyond the capabilities of certain bad actors are now accessible and, vitally, profitable. Moreover, existing bad actors are launching more sophisticated attacks. There has been an apparent surge in investment across many platforms, which are upgrading their core ransomware systems to stay ahead of the game and evade detection.
Accordingly, it is safe to say that today’s ransomware is nothing like the ransomware of the past. Today’s ransomware has moved from playful to malevolent, fundraising to commercial, and annoying to insidious. With criminals thinking strategically and commercially, and above all being highly motivated, there doesn’t appear to be any respite from the sheer volume of ransomware threats we have to deal with.
The Colonial Pipeline attack is only the latest in a slew of increasingly daring ransomware attacks. The absolute best defense against a severe ransomware attack is preparation and prevention. Technology is a huge part of that, but one must not discount user hygiene and education. It is vital to keep end users up to date on what threats are out there and how to spot them. Vigilant users, along with robust preventative controls, are essential. Business continuity planning and disaster recovery drills are also critical to ensure readiness and resilience against these threats.