Among the many threats facing businesses on a day-to-day basis, none is quite so prevalent as ransomware. It was the most common attack method in the first half of 2023, accounting for 68.75% of all attacks. That is far more than network breaches (16.25%), data extortion (16.25%), and data exfiltration (2.5%) put together.
To make things more difficult for cyber security teams, ransomware attacks don’t stick to business hours. In fact, Sophos found that in 81% of ransomware attacks the final payload was launched when the office was empty and laptops were switched off. On the occasions where the attack was deployed during business hours, only five happened on a weekday.
Ransomware is Now a Career Choice
Why is ransomware so popular amongst cyber criminals?
A lot of ransomware gangs operate on a model that mirrors normal businesses with many cognizant parts. Initial access brokers - the criminals who specialise in infiltrating computer network systems - identify the vulnerabilities to make way for malware; the expertise of malware engineers is used to build ransomware; it is then sold on the dark web ‘as a Service’.
Any semi-cyber-savvy person can pay to download ransomware from the darkweb, and turn their sights on an organisation of choice, as easily as ordering something on Amazon. With a few other tools in place, these Ransomware as a Service offerings from the likes of LockBit and many others, offer a plug and play service for any wannabe cybercriminal.
Just like any successful business, hackers know their market too. They know which businesses are most likely to pay, and how much they will pay after negotiations; they know the best route into an organisation’s IT systems; and they know the best times to execute the payload to catch security staff off guard. This is what makes cybercriminals profitable and motivates them to continually evolve.
In addition to the sophistication of threat actors, the sheer quantity of attacks is increasing, while the capability and variety of attacks also grows at an alarming rate. Hackers can now execute a wide range of attacks beyond classic scams and ransomware, making use of automation, impersonation and rapid adaptation to overcome even robust defensive structures.
For already stretched IT and security teams, staying ahead of hackers’ evolution is getting more difficult.
The Challenge of Ransomware Defence
In the world of cybercrime, ransomware attackers know how to catch businesses off guard to extort the maximum amount of money from their target. Traditional defences alone simply aren’t enough to fend off attacks around the clock.
Common cybersecurity measures, such as firewalls and antivirus software, act like a thick wall around your business. They do a great job of defending from threats, so long as there are guards around to actively keep a lookout. But the problem is, when fewer people are staffing the barricades, your business is more vulnerable to attack. That’s why ransomware actors strike under the cover of darkness, over the weekend, or even over a public holiday - as was the case during the Lazarus heist in 2016.
Introducing MDR
With the democratisation of ransomware, Managed Detection and Response (MDR) systems have become increasingly essential. Unlike a traditional system that requires local monitoring to be safe, MDR provides you with a 24/7 security team, leaving no quiet point for ransomware actors to make their move.
But an MDR does a lot more than simply deliver round-the-clock monitoring. It’s much smarter than that. It also uses telemetry from your business, as well as thousands of others using the same system, in order to create more actionable threat analysis. Threat telemetry enables organisations to identify, understand, and anticipate emerging threats, before they have a chance to turn into something much more sinister. And, with dwell times dropping from ten days to eight in 2023, quick reactions are becoming increasingly essential for fortifying defences and enhancing incident response, thereby ensuring data remains safe when an attack occurs.
But, with the support of detection capabilities, the security industry is fighting back. There’s now much less time for a malicious actor to get what they want, before MDR tools unmask them. This rapid detection makes the window of opportunity for an attacker much shorter and puts pressure on hackers - perhaps even forcing mistakes.
Accumulating actionable threat analysis is indispensable. The need for constant 24/7 monitoring, threat detection and response has to be part of organisations’ cybersecurity strategies, as ransomware grows in sophistication.
Because if ransomware doesn’t sleep, your defences can’t either.