You work hard for your paycheck.
Just like everyone else, cyber attackers want to make money, too.
But, unlike most people, they work through theft, data ransom, and extortion.
When attacked, victims feel they have no choice but to pay up, despite the poor odds of recovery.
To achieve their objective, threat actors keep evolving their attacks, increasing the damage and adding urgency to the situation.
As the impact of ransomware continues to worsen, businesses like yours must prepare.
If you’re hoping to avoid the impact of ransomware, your cybersecurity must be deeper and more thorough than ever before.
Ransomware Is Growing More Aggressive
Over the last few years, attacks have been on the rise.
In fact, 57% of organizations now cite the impact of ransomware as their top concern.
But, while most use anti-phishing defenses (83%), very few use active monitoring as a defense against an attack in progress.
It’s a bad combination.
The REvil ransomware gang even started launching simultaneous distributed denial-of-service (DDoS) attacks, further complicating attack response and remediation.
As the impact of ransomware worsens and evolves, automated monitoring, detection, and response become increasingly critical to your business.
Though many forms of ransomware simply encrypt data and hold it hostage until a ransom is paid, other attackers use a more threatening approach.
The Lapsus$ gang skips the ransomware step. Instead, they export sensitive data and threaten public data leaks unless their extortion demands are met.
In early March, the high-profile electronics firms Nvidia and Samsung both fell victim to Lapsus$ attacks.
Nvidia confirmed that an IT attack stole and exposed credentials for 71,000+ employees.
The Lapsus$ gang publicly demanded Nvidia remove cryptomining limitations and convert proprietary drivers to open-source.
If Nvidia refuses, Lapsus$ threatens to sell or leak proprietary intellectual property, such as driver source code and chip designs.
The Lapsus$ gang also previewed a leak of stolen Samsung data related to critical security functions, such as:
- Source code for trusted applets used in cryptography and access control
- Biometric unlock algorithms
- Bootloader source code
- Samsung activation server source code
- Source code for authenticating and authorizing Samsung accounts, APIs and services
The attackers also claim to have seized confidential source code from Qualcomm, threatening to release it as well.
Think the impact of ransomware is only caused by individuals or criminal gangs?
You might be surprised to know that’s not always the case.
Researchers discovered a novel PowerShell backdoor, dubbed ‘PowerLess’, that deploys info stealers and keyloggers. It’s been used by the Iranian state-backed hacking group APT35 (a.k.a. Phosphorus or Charming Kitten).
This advanced persistent threat (APT) evades detection, allowing attackers to execute commands and kill running processes on compromised systems.
PowerLess attacks share IP addresses associated with the Memento ransomware, which has focused on VMware vCenter server attacks since last year.
With many cyberinsurance providers now denying coverage for incidents stemming from state-sponsored attacks, it’s another frustrating development.
Increasingly Complex Risk Analysis
With the impact of ransomware, supply chain attacks, and intellectual property theft, businesses are going to experience losses.
When it happens, will your insurance cover it?
These new attacks create uncertainty, likely leading to lawsuits over financial responsibility.
Cybersecurity insurance generally covers the company that purchases a policy, but not an incident within your supply chain.
Though general business loss policies might cover some losses, you’ll need to check if they exclude cyberattacks.
For intellectual property, valuation issues compound the loss.
For example, Samsung and Qualcomm’s security code is probably worth more than the book-value costs for programming the software.
However, cybersecurity insurance will probably be restricted to documented expenses, not the code’s potential value.
Like all aspects of technology, ransomware and other cyberattacks continue evolving.
Anywhere there’s a weakness to be found, attackers won’t hesitate to exploit it.
Your organization should examine not only its own security protocols, but those of its supply chain and partners as well.
And as always, thoroughly read and understand your cyberinsurance policy’s coverage and obligations.
For help evaluating internal resources, or exploring options for checking your suppliers’ IT systems through penetration testing, contact Ideal Integrations at 412-349-6680, or fill out the form below.
Our experts will provide a no-obligation consultation on options and techniques to protect you and your business.