Ransomware has risen to prominence in recent years – but did you know it started way back in 1989?
During a ransomware attack, victims are locked out of their company systems while a demand is made for their reopening and the safe return of stolen data.
It may not have been the most effective attack, says Ben Jenkins, given that the offender asked his victims to mail their payment to a P.O. Box in Panama – and he was easily traced.
Jenkins, director of cyber security at ThreatLocker, describes the latest approaches taken by threat actors as “terrifying”.
“We’ve seen ransomware take huge, huge shifts over the last 10 years,” he told BusinessCloud at the Digital Transformation Expo (DTX) in Manchester last week.
“The emergence of cryptocurrencies – and the rapid onboarding and use case of those cryptocurrencies – has meant that cleaning [ill-gotten] payments is a lot easier. We have seen a dramatic uptick in the number of attacks in the last five-to-10 years.
“People have backup solutions now, but the threat actors know this: more than three-quarters of attacks now threaten to leak data on to the dark web or send it to your customers. Or, worse, to your competitors.
“It’s pretty terrifying, but companies have to adapt. It’s very much a cat-and-mouse game.”
In 2021 the Colonial Pipeline ransomware attack brought the east coast of America’s supply of gas (petrol) to a standstill, as the company under attack was responsible for providing half of all fuel to the region.
The Health Service Executive of Ireland was also hit with an attack last year. “They took down both national and local computer systems,” says Jenkins. “They were having to write down with pen and paper as to whether people had been vaccinated [against COVID].
“Ransomware attacks are only going to get worse. Security vendors and security-focused individuals usually look at a problem and a year later that problem is fixed… but ransomware has been around year after year after year after year. It’s not going away.”
ThreatLocker specialises in a ‘zero trust’ approach to security which Jenkins says is the most effective defence against ransomware and other types of cyberattack, particularly in the era of remote and hybrid working.
‘Zero trust’ is based on the notion that a breach has already occurred. A default denial function, it will only allow applications to run which have been added to an ‘allow’ list by the IT team.
“You can’t always rely on endpoint detection and response (EDR) or managed detection and response (MDR) because they are looking at good and bad behaviours – and zero-day exploits get by because they don’t know what’s good or bad,” says Jenkins.
Zero-day attacks are when a hacker exploits an unknown vulnerability before developers are able to fix it via a patch.
“The key difference between the ransomware piece and the app vulnerability piece is you’ve already allowed the application to run,” adds Jenkins. “So it’s then a failing inside of the application. Maybe it can run code or be used to attack other applications inside your system.
“With the ransomware piece, you should only allow what needs to run, to run.”