As organizations start to look ahead to their cybersecurity defenses and budgets for 2022, it is clear that the landscape is going to be dominated by the fear of a ransomware attack.
With hackers now taking steps to exfiltrate corporate data as ‘insurance’ before revealing their attack and making a demand for payment, the days of organizations being able to rely on data back-ups to thwart ransomware attacks are over.
Two of the most recent examples are the December 2021 attacks at German logistics company Hellmann and the US state of Virginia. With Christmas fast approaching, neither situation has been effectively resolved.
In a December 16 update on the management of its cyberattack, Hellmann said its business operations are largely running again and it is confident that it can soon eliminate the remaining restrictions and return to operating at full capacity.
It said that a forensic investigation confirmed that data was extracted from its servers before its systems were taken offline on December 9. It added that it is currently investigating what type of data was extracted and would provide further information as soon as possible. It said that it is in regular contact with relevant government authorities and warned its customers and partners to be on the lookout for fraudulent calls and emails. The threat actor responsible for the ransomware attack is said to have published stolen data on a leak portal totaling 70.64GB of documents.
In the US state of Virginia, an information technology agency that serves Virginia’s legislature said it is still working to fix problems caused by a ransomware attack earlier in December. The attack, on Virginia’s Division of Legislative Automated Systems, substantially affected operations amid preparations for a new legislative session that is set to start on January 12, 2022.
The two attacks highlight the chaos a ransomware attack can inflict on both private and public sector organizations.
Despite the Biden administration in the US trying to counter ransomware by attempting to disrupt ransomware actors, facilitators, networks, and financial infrastructure—including the ‘abuse’ of virtual currencies to launder ransom payments—ransomware attacks are unlikely to dissipate in 2022.
Triple extortion ransomware
In fact, 2022 is likely to see an increase in so-called ‘triple extortion ransomware’, where a business is hit with an initial ransomware attack, which completely incapacitates it. The business’s partner is then faced with an extortion threat of either paying the business’s ransom or losing the supplier to incapacity as the business attempts to regain control of its systems.
Ransomware threats will continue to grow unless governments and technological innovations can significantly change the cost-benefit calculation for attackers. As it stands, ransomware is simply too lucrative for criminals to ignore. Indeed, it is likely that new tactics will emerge from attackers as they become shrewder and anticipate counter-negotiation strategies.
Organizations’ increased reliance on remote working has shifted from a temporary measure to help curb the spread of the virus to a more permanent strategy for many businesses. That has also reshaped the threat landscape and created new opportunities for attackers to change their approach.
It is not beyond the realms of possibility that future means of extortion will arrive in the form of a protection racket, where companies pay ransomware operators not to attack them.