CISO MAG, in association with Cybereason, conducted a virtual round table discussion on “The State of Ransomware”.
The panel discussed the evolution and the new trends in ransomware attacks. Grab the snippet of the discussion below…
Since the past decade, ransomware has been one of the most common types of malware deployed during a cyberattack. However, if anyone asked to place a finger on a year that marked the sudden surge of ransomware, it would be 2020.
As per a recent report, in the past year (from H2 2019 to H1 2020), there have been more than 500 successful ransomware attacks in over 45 countries that were reported officially. This means every single day there has been more than one ransomware attack around the globe. Experts believe this number could even double if all attacks were reported. The financial damages arising from ransomware attacks during the time period have accounted for over $1 billion ($1,005,186,000) and the future forecast predicts this number to rise 20 times to $20 billion by 2021.
So, how do you tame the raging bull going by the name “Ransomware”? To take on the bull by its horns, CISO MAG, in association with Cybereason, conducted a virtual round table discussion on “The State of Ransomware.” The discussion was moderated by Cybereason’s Tarek Kuzbari, Regional Director Middle East & Turkey, who was joined in by Eng. Abdullah Biary, CISO at SALAMA Cooperative Insurance Co., and Hamad Al Katheri, Enterprise Risk & Information Security Vice President, Zain.
The discussion was led on the following key points:
Evolution of Ransomware
Since the turn of the century, cybercriminals started playing with human psychology and spread emails consisting of fearful or anxiety-inducing content to pressurize readers into clicking malicious links, which further installed malware. This technique was adopted by ransomware gangs, which, after installing the malware on an individual’s computer, encrypted the data and left a ransom note in exchange for the decryption key. This modus operandi worked perfectly for years but gave smaller returns to threat actors. Thus, came the next step in the evolution – targeting bigger organizations.
“Ransomware attacks have now become daily news. You pick up your paper or mobile phone and there it is, so and so company has been hit by a ransomware attack written in BOLD”
– Tarek Kuzbari, RD Middle East and Turkey, Cybereason
Answering Tarek’s questions as to why the shift towards bigger company’s and not individuals, Abdullah Biary said, “It is simple. Moving from individuals to bigger organizations gave threat actors better returns. Large corporations have critical and sensitive data, which, if leaked, could cause not just monetary but reputational damages. These are not easy to repair.” And thus, threat actors leveraged on this exact fear.
Current Trends and New Tactics
Ransomware has certainly not reached its final stage of evolution. Ransomware gangs now download critical data from the victims even before encrypting their machines. They use this data as a means to negotiate. If the victims fail to pay the ransom, they threaten them by hosting data auctions on the dark web. In fact, REvil, an infamous ransomware gang, has already staged an auction website to sell the stolen data who refuse to pay ransom. In Hamad’s words, “this is Blackmail,” and it indeed is.
Tarek also raised a very important issue of ransomware being sold “as-a-Service” (known as RaaS). Abdullah Biary agreed by saying, “Yes, this has simply taken off. They are distributing it as Ransomware-as-a-Service to earn some extra money and collaborate. They are uniting and so should we in its defense.”
Tarek asked Hamad whether there was a missing gap in ransomware that adds to our pain point, to which he replied, “Gaps are there, and they have always been there. There is nothing one can do about it other than continuously monitoring and fixing these gaps proactively.”
Lessons from the Field
Humans and Technology
Time and again it has been said that humans are a weak link, and the panelists echoed this thought. Hamad said, “The human factor in security is the most dreaded. Small mistakes like delayed patching or updating the systems and application cause the reason for exploitation.” Abdullah seconded Hamad by saying, “More than technologies like the XDR and MDR, organizations need rightly-skilled cybersecurity workforce. This is the need of the hour.”
“More than technologies like the XDR and MDR, organizations need rightly skilled cybersecurity workforce. This is the need of the hour. Humans can make or break security.”
– Abdullah Biary, CISO, Salama Coop. Insurance Co.
To Pay or Not to Pay, That is the Question
The U.S. Department of the Treasury (OFAC) recently announced that paying ransom to cybercriminals is now illegal. Governing bodies around the globe have always condemned ransom payments, but this is the first instance where it has actually been documented that paying up a ransom is illegal. Thus, taking the discussion forward, Abdullah said, “We should not, but it is situational.” Giving the example of the recent death of a person due to delayed medical aid since the hospital was hit by a ransomware attack, he said, “This is an exception. It’s a matter of life and death and nothing comes above saving a life.”
Hamad had similar views and said, “This should be the last resort. If you pay then you are a potential customer to the bad guys, they will come back to you. Also, there is no guarantee of getting your data back. So, why pay? However, this is always a difficult choice, to pay or not to pay.”
How to Better Protect Your Organization from Ransomware
As stated earlier, we are far from the end of the tunnel of ransomware attacks. They are only beginning to fizzle up. Probably, the worst is yet to come. So, how do we strengthen our defenses against a ransomware attack? Tarek asked this question to both panelists and they gave our participants some good insights.
Abdullah said, “Constant monitoring along with frequent penetration testing and vulnerability assessment is utmost important.” Additionally, he also recommended one more thing that he asks his own team to follow – “keeping track of all assets.” He suggests, “With accountability of all assets of internal teams, you know what you need to defend and be ready for an attack at all instances.”
Adding to this, Hamad suggested the adoption of a proactive approach. “Do not wait until it happens. Defend as if it is definitely going to happen.” He reminded the participants of the popular cybersecurity adage, “A good guy (defense) needs to be right all the time, but a bad actor (offense) needs to get it right just once.”
“Your data is a crowned jewel. Always encrypt it, else it will be bad very bad.”
– Hamad Al Katheri, Enterprise Risk & Information Security VP, Zain
Lastly, Tarek asked our panelists to pick the top three pieces of advice that could be the crown jewels for the fight against ransomware attacks, to which both unanimously agreed upon the following:
- Identify your assets: Understand what needs to be protected based on the risk analysis reports from the internal teams. And as Hamad said, “Your organization’s data is a crown jewel. Always Encrypt it.”
- Define critical business flows: Gather as much information as possible. You need to ask all stakeholders to submit what they believe is most critical to the business flow. Every team has a different perspective. So, considering every perspective will help you design a better guideline for security.
- Convey and convince the business leadership: This step is very important. Return on investment (ROI) is something that business leaders are always interested in. Explaining to them why investing in protection against a cyberattack, which might or might not take place, could be tricky. Abdullah suggested, “Talk to them in their own language. Show them numbers and make them understand the importance of investing in cybersecurity.” Hamad added, “There is no room for regret in cybersecurity. Investing the money once you are already attacked does not make sense. Do it when there is still hope.”
The virtual round table was attended by nearly 100+ participants and the insightful discussion kept them glued to their screens throughout. CISO MAG would like to take the opportunity to once again thank Mr. Tarek Kuzbari, Eng. Abdullah Biary, and Hamad Al Katheri for their valuable time and meaningful insights on “The State of Ransomware.”
About the Interviewer
Mihir Bagwe is a Tech Writer and part of the editorial team at CISO MAG. He writes news features, technical blogs, and conducts interviews on latest cybersecurity technologies and trends.