High-impact ransomware attacks and the rise of disruptionware are emerging as top cybersecurity threats in 2020.
The Federal Bureau of Investigation (FBI) recently issued a public service announcement warning of "high-impact" ransomware attacks targeting critical private and public sector institutions.
Ransomware, which blocks a victim's network access until a ransom has been paid, continues to present a serious threat to government agencies, health care providers, and educational institutions. There have been at least 621 reported successful ransomware attacks against American corporations since the beginning of 2019. Of these, at least 491 targeted health care providers, 68 targeted county and municipal institutions, and 62 targeted school districts.
The FBI states that hospitals and health care institutions are often the targets of ransomware because cybercriminals hope they will be unable to take the time needed to restore backups after a ransomware attack and will opt to pay the ransom instead. Unfortunately, many victims report that their data was never restored, even after they paid the ransom.
The blog "knowbe4" predicted that victim organizations will pay more than $11.5 billion in ransoms in 2019, up almost 30 percent from the approximately $8 billion paid in 2018.
Disruptionware is a new type of malware that suspends operations by compromising "the availability, integrity and confidentiality of the systems, networks and data belonging to the target." Disruptionware can be more crippling for victims than many other types of malware. As its name suggests, it uses a layered attack to disrupt an organization's operations and production in order to achieve a certain strategic goal.
Disruptionware uses many of the same elements as other types of malware, including ransomware, "wipers," "bricking capabilities," automated components, data exfiltration tools, and network reconnaissance tools. Jason G. Weiss "Emerging Cybersecurity Threats for 2020: The Rise of Disruptionware and High-Impact Ransomware Attacks" natlawreview.com (Jan. 30, 2020).
Organizations should examine their cyber protections and response plans to make sure they address emerging risks such as disruptionware and Remote Desktop Protocol (RDP) attacks, another new risk for 2020.
In RDP attacks, cybercriminals exploit unsecured RDP services to access an organization's network. RDP attacks are becoming more common because organizations often fail to protect their RDPs with strong login credentials.
Organizations can work to protect themselves against all kinds of cyberattacks by requiring every employee to use strong, unique passwords on all accounts and by protecting networks with strong, unique passwords.
Application whitelisting allows you to approve certain software applications or executable files. This is important because whitelisting protects your organization's computers and network from malicious applications by preventing the security holes caused by running unsecured and sometimes untested software applications, which generally have many vulnerabilities.
Finally, make sure your written cybersecurity response plan includes how you would respond to a high-impact ransomware or disruptionware attack, both of which can be particularly devastating to your operations.
Look at what data is essential to your operations so that you can prioritize what must be restored first and what can wait. Examine how you back up data to determine if it is effective or if you need to improve your data backup system. If improvement is needed, do so right away. An effective backup system is your best tool to recover quickly from a high-impact ransomware or disruptionware attack.
Consider every action that would be necessary to recover from a serious cyberattack and get your organization operating again. Clearly designate who will be responsible for each recovery step. Include both internal employees and external experts who may be required to support your internal information technology team to get you back online quickly. Include contacting law enforcement in your recovery procedures.