The changing nature of ransomware attacks means that CISOs everywhere must innovate if their organisations’ operations, and those of customers, are not to be seriously affected.
This was one of the conclusions of a new global survey of IT decision makers conducted by Venafi, a developer of machine identity management solutions. Its findings reveal that 74% of senior IT professionals are so concerned about new extortion tactics that they believe ransomware should be considered a matter of national security.
Venafi said its data takes on a new urgency in light of the recent advisory from the UK’s National Cyber Security Centre (NCSC), Australian Cyber Security Centre (ACSC), Federal Bureau of Investigation (FBI), National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) detailing the growing risks posed by ransomware. Extortion tactics mean that ransomware defense strategies focused on data protection are no longer effective, it concluded. Organizations, it said, need a more robust and innovative ransomware security program to protect against risks.
The survey found that:
- Almost a fifth (18%) of victims paid a ransom but still had their data exposed on the dark web
- Almost 1-in-10 companies (8%) refused to pay the ransom, and the attackers then tried to extort their customers
- More than a third (35%) of victims paid the ransom but were still unable to retrieve their data
“Ransomware attacks have become much more dangerous,” said Kevin Bocek, vice president of business development and threat intelligence at Venafi. “They have evolved beyond basic security defenses and business continuity techniques like next-gen antivirus and backups. Organizations are unprepared to defend against ransomware that exfiltrates data, so they pay the ransom, but this only motivates attackers to target new victims. The bad news is that attackers are following through on extortion threats, even after the ransom has been paid. This means CISOs are under increased pressure because a successful attack is much more likely to create a full-scale service disruption that affects customers.”
Threat actors are constantly evolving their attacks to make them more potent, and it is time for the cybersecurity industry to respond in kind, added Bocek: “Ransomware often evades detection simply because it runs without a trusted machine identity,” he noted. “Using machine identity management to reduce the use of unsigned scripts, increase code signing and restrict the execution of malicious macros is vital to well-rounded ransomware protection.”