The insidious rise in cyberattacks continues. This past year, ransomware damage has skyrocketed 935 percent. As the latest Log4j vulnerability and ransomware attacks on numerous cloud servers demonstrate, businesses need to be more alert than ever.
While a patch for CVE-2021-44228 (aka Log4Shell), the zero-day RCE flaw in the Java-based Apache Log4j logging library, has been rolled out, the ramifications for businesses are continuing.
As an example of cloud vulnerabilities, workforce management and human capital management cloud provider Kronos has recently been the target of a ransomware attack that has forced servers offline.
Such events are chaotic and costly. Looking at the current ransomware trends for Digital Journal is Laura Hoffner, Chief of Staff at Concentric.
Hoffner says that the holiday season has presented a rich hunting ground for cybercriminals: “Though the feds haven’t identified any specific known threats, criminals are prone to strike when key employees are traveling or spending time with family and friends, making the holiday season a prime target.”
Of ransomware, Hoffner notes that cyber extortion in its various forms has recently started to affect even those not specifically targeted. As well as opening up more groups to this threat, she also finds that the costs for those afflicted are climbing: ransom payments from cyber extortion were a $350 million industry in 2020, up 311 percent from 2019.
Calculating the cost of a ransomware event cuts in different ways. Those firms that do not pay the ransom are still paying ransom in other ways, with the average cost of downtime as a result of the extortion being 24 times higher than the average ransom amount.
Hoffner says that tackling a cyber extortion event requires three actions:
- Preparation in order to prevent the extortion from being able to occur.
- Planning a response which includes threat verification, access, ransom negotiation, and cryptocurrency payment.
- Running post-incident analysis and re-analysis of the cyber audit to prevent follow-on targeting.
She adds that, unfortunately, corporations need to keep in mind that even if a ransom is paid, the extorting party still holds sensitive data that it could release at will. Negotiations only encourage the destruction of stolen data; they provide no way to enforce it.
Hoffner concludes, stating: “The best way to avoid this vulnerability is to ensure your own systems have a regular cyber audit conducted as well as staff is completely aware of ongoing phishing and extortion trends. No matter how ‘locked down’ a system may be, the weakest link will always remain the human. All workers need to be on constant alert as to what links they’re clicking on and who they’re giving access for what.”