Ransomware Attacks: Understanding the Modern Threat

Ransomware Attacks

Ransomware attacks are not a new thing. The first known attack occurred towards the end of the 20th century. In 1989, 20,000 floppy disks infected with malware, the PC Cyborg trojan (better known as the AIDS Trojan), were mailed to attendees of the World Health Organization's (WHO) international AIDS conference; after a number of reboots the malware encrypted the names of the files on the victim's hard drive, leaving the system unusable. The demand? A payment of $189 to a post office box in Panama. This early instance of cybercrime set the stage for what has become a modern plague.

Fast forward to today, and ransomware has evolved significantly. According to Palo Alto Networks' Unit 42, the average ransom paid in 2020 was $312,493, a 171% year-on-year increase. Even that sum is pennies compared with the $10 million paid in the largest ransom payment recorded at the time.

Ransomware: A Modern Pandemic

Thought COVID-19 was the only virus causing global mayhem? Ransomware, a class of malware, is just as disruptive, and no lockdown will slow its spread. When a victim is hit by ransomware, their files and systems are encrypted, rendering them unavailable until a payment is made in exchange for a decryption key.

New and more dangerous ransomware variants continually emerge, much as biological viruses mutate. Attacks have become more sophisticated and often involve several stages of compromise. Social-engineering tactics such as phishing emails are commonly used to trick victims into revealing passwords or opening malicious files. Once inside the network, attackers exploit further vulnerabilities, move laterally and finally execute the malware.


Lindy Cameron, chief executive of the UK's National Cyber Security Centre, says that ransomware has become the biggest threat to British people and businesses. Similarly, in the US, FBI Director Christopher Wray has likened the challenge of ransomware to that of 9/11. He said, "There are a lot of parallels". The rise in ransom demands and payments is just the tip of the ransomware iceberg.

The Growing Threat of Ransomware Attacks

Ransomware attacks are becoming more frequent and more damaging. According to Bitdefender's 2020 Consumer Threat Landscape Report, ransomware attacks surged by nearly 500% between 2019 and 2020. The spike is driven by the attacks' success: many victims pay, making ransomware highly lucrative for cyber-criminals. The rise of cyber-insurance policies that cover ransom payments makes insured victims even more appealing targets.

Payments are usually demanded in cryptocurrency, which makes it harder for authorities to trace the criminals behind an attack. Ransomware-as-a-service (RaaS), in which developers lease ready-made ransomware and supporting infrastructure to affiliates in exchange for a share of the proceeds, has lowered the barrier to entry: even attackers with limited technical skill can now deploy ransomware, amplifying the threat.


Threat to National Security

The RaaS model has escalated the danger posed by ransomware. Malicious actors—ranging from lone hackers to organized cyber-criminal groups and even state-sponsored adversaries—can now cause widespread damage. Cyber attacks on critical infrastructure, such as healthcare, government agencies, and energy sectors, have severe real-world consequences.

For example, ransomware can reach Operational Technology (OT) assets and disrupt essential services. When OT systems are compromised, the physical processes they control are affected as well, which can jeopardize national security. An attack may render essential systems inoperable, an effect equivalent to a denial of service (DoS), while sensitive information is stolen or destroyed.

Cyber-criminals combine sophisticated social engineering, stolen authentication credentials and software vulnerabilities to carry out their attacks. Increasingly, the encryption step is preceded by data theft, so that the threat of publishing the stolen data adds further pressure on victims to pay.

Common Ransomware Attack Methods

Attackers have several ways to deliver ransomware:

Attack: Infiltration

Phishing: The victim clicks a link to a fake website or unknowingly downloads a malicious attachment; either path installs the ransomware on the victim's device.

RDP credentials: Attackers steal or guess RDP credentials, which are often weak, and log in to the server as a legitimate user. Because the session looks like an ordinary remote logon, endpoint detection frequently raises no alert, and the perpetrator can begin the attack.

Software vulnerability: Exploiting vulnerabilities in exposed software provides attackers with an open door into the enterprise. Confidential data can be accessed and stolen, and ransomware can be deployed.

Rogue devices: A lack of hardware security allows rogue devices to go undetected. Because they raise no security alarms, the devices can quietly inject ransomware.
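As an added example (not part of the original article and not Sepio's code), the following Python script shows the detection check a defender would run for the RDP row above. It reads Windows Security log records, Event ID 4625 (failed logon) and 4624 (successful logon) with LogonType 10 (RemoteInteractive, i.e. RDP), and flags a source address that logs in successfully after a burst of failures, which is the footprint of a guessed or brute-forced RDP password. The records, addresses and user names are constructed for the example; the event IDs and logon type are the real Windows values.

```python
"""Detect RDP credential abuse from Windows Security log records.

Event ID 4625 is a failed logon and 4624 a successful one; LogonType 10
(RemoteInteractive) marks RDP sessions. A burst of 4625s from one source
followed by a 4624 from the same source is the typical footprint of a
brute-forced or guessed RDP password: the final logon looks ordinary, so
endpoint tools rarely flag it on their own.
"""
from collections import defaultdict
from datetime import datetime, timedelta

FAILED_LOGON = 4625
SUCCESSFUL_LOGON = 4624
RDP_LOGON_TYPE = 10

# Constructed sample records (field names mirror the 4624/4625 event data).
SAMPLE_EVENTS = [
    # 203.0.113.7: six failures in under three minutes, then a success.
    {"time": "2021-06-20T02:14:05", "event_id": 4625, "logon_type": 10, "user": "administrator", "src_ip": "203.0.113.7"},
    {"time": "2021-06-20T02:14:31", "event_id": 4625, "logon_type": 10, "user": "admin", "src_ip": "203.0.113.7"},
    {"time": "2021-06-20T02:15:02", "event_id": 4625, "logon_type": 10, "user": "backup", "src_ip": "203.0.113.7"},
    {"time": "2021-06-20T02:15:40", "event_id": 4625, "logon_type": 10, "user": "svc_backup", "src_ip": "203.0.113.7"},
    {"time": "2021-06-20T02:16:11", "event_id": 4625, "logon_type": 10, "user": "svc_backup", "src_ip": "203.0.113.7"},
    {"time": "2021-06-20T02:16:45", "event_id": 4625, "logon_type": 10, "user": "svc_backup", "src_ip": "203.0.113.7"},
    {"time": "2021-06-20T02:17:20", "event_id": 4624, "logon_type": 10, "user": "svc_backup", "src_ip": "203.0.113.7"},
    # 198.51.100.22: a user mistypes a password twice, then logs in (benign).
    {"time": "2021-06-20T08:00:10", "event_id": 4625, "logon_type": 10, "user": "jsmith", "src_ip": "198.51.100.22"},
    {"time": "2021-06-20T08:00:25", "event_id": 4625, "logon_type": 10, "user": "jsmith", "src_ip": "198.51.100.22"},
    {"time": "2021-06-20T08:00:50", "event_id": 4624, "logon_type": 10, "user": "jsmith", "src_ip": "198.51.100.22"},
    # 192.0.2.9: five failures and no success yet (guessing still in progress).
    {"time": "2021-06-20T03:05:00", "event_id": 4625, "logon_type": 10, "user": "administrator", "src_ip": "192.0.2.9"},
    {"time": "2021-06-20T03:05:20", "event_id": 4625, "logon_type": 10, "user": "administrator", "src_ip": "192.0.2.9"},
    {"time": "2021-06-20T03:05:40", "event_id": 4625, "logon_type": 10, "user": "administrator", "src_ip": "192.0.2.9"},
    {"time": "2021-06-20T03:06:00", "event_id": 4625, "logon_type": 10, "user": "administrator", "src_ip": "192.0.2.9"},
    {"time": "2021-06-20T03:06:20", "event_id": 4625, "logon_type": 10, "user": "administrator", "src_ip": "192.0.2.9"},
    # A console (LogonType 2) failure: not RDP, so ignored by both checks.
    {"time": "2021-06-20T09:12:00", "event_id": 4625, "logon_type": 2, "user": "jsmith", "src_ip": "-"},
]


def rdp_events_by_source(events):
    """Group RDP (LogonType 10) events by source IP, ordered by time."""
    by_ip = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["logon_type"] == RDP_LOGON_TYPE:
            by_ip[ev["src_ip"]].append(ev)
    return by_ip


def find_bruteforce_logons(events, threshold=5, window=timedelta(minutes=10)):
    """Return one alert per successful RDP logon that was preceded, within
    `window`, by at least `threshold` failures from the same source IP."""
    alerts = []
    for ip, evs in rdp_events_by_source(events).items():
        recent_failures = []
        for ev in evs:
            t = datetime.fromisoformat(ev["time"])
            # Drop failures that fall outside the sliding window.
            recent_failures = [f for f in recent_failures if t - f <= window]
            if ev["event_id"] == FAILED_LOGON:
                recent_failures.append(t)
            elif ev["event_id"] == SUCCESSFUL_LOGON:
                if len(recent_failures) >= threshold:
                    alerts.append({"src_ip": ip, "user": ev["user"],
                                   "time": ev["time"], "failures": len(recent_failures)})
                recent_failures = []  # a success ends the burst
    return alerts


def spray_sources(events, threshold=5):
    """Source IPs with at least `threshold` RDP failures, whether or not
    any logon has succeeded yet."""
    counts = {ip: sum(1 for ev in evs if ev["event_id"] == FAILED_LOGON)
              for ip, evs in rdp_events_by_source(events).items()}
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    for a in find_bruteforce_logons(SAMPLE_EVENTS):
        print(f"ALERT {a['src_ip']} logged in as {a['user']} at {a['time']} "
              f"after {a['failures']} failures")
    print("sources still guessing:", spray_sources(SAMPLE_EVENTS))
```

On the constructed data the script raises one alert (203.0.113.7 logging in as svc_backup after six failures), stays quiet for the user who mistyped a password twice, and lists both 192.0.2.9 and 203.0.113.7 as sources with enough failures to block at the firewall. The same logic applies to exported event logs or a SIEM query; the threshold and window are the knobs to tune against an organization's own false-positive rate.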

Importance of Hardware Security

Various government agencies and cybersecurity bodies publish recommendations on minimizing the risk of a ransomware attack. While valuable, such recommendations tend to overlook hardware security, a domain that goes sorely neglected and leaves enterprises exposed to hardware-based attacks. Without hardware security, the Physical Layer remains uncovered, allowing Rogue Devices, which operate on this layer, to go undetected. Spoofed Peripherals are manipulated at the Physical Layer to impersonate legitimate human interface devices (HIDs), and endpoint security software identifies them as such. Network Implants go entirely undetected by network security solutions, including network access control (NAC), because they sit on the Physical Layer, which such solutions do not cover. Since existing security measures do not see Rogue Devices, an attacker can infiltrate a target without raising any alarms and, from there, inject malicious code.
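To make the spoofed-peripheral problem concrete, here is an added example (not Sepio's technology and not code from the original article) of the software-level USB policy check an endpoint can apply on its own: it compares each attached device's vendor ID, product ID, serial number and interface descriptors against an allow-list, blocks any keyboard that is not approved, and blocks any device that combines a keyboard interface with a network interface, the classic layout of a USB implant. The device records, IDs and serials are constructed for the example; the USB class codes are the standard USB-IF values. The last sample device is included deliberately to show where a check of this kind stops.

```python
"""Allow-list and interface-policy check for attached USB devices.

Each record mirrors what the host enumerates for a USB device: vendor ID,
product ID, serial string and one (class, subclass, protocol) triple per
interface. All records, IDs and serials below are constructed for this
example; the class codes are the standard USB-IF values.
"""

USB_CLASS_CDC = 0x02            # communications (RNDIS / ECM network adapters)
USB_CLASS_HID = 0x03            # human interface devices
USB_CLASS_MASS_STORAGE = 0x08
USB_CLASS_CDC_DATA = 0x0A
HID_PROTOCOL_KEYBOARD = 0x01
NETWORK_CLASSES = {USB_CLASS_CDC, USB_CLASS_CDC_DATA}

# Approved peripherals, keyed by (vid, pid, serial), with the interface
# set each is expected to present. Constructed example values.
ALLOWED = {
    (0x046D, 0xC31C, "K120-00471"): {"name": "corporate keyboard", "interfaces": [(0x03, 0x01, 0x01)]},
    (0x046D, 0xC077, "M105-11902"): {"name": "corporate mouse", "interfaces": [(0x03, 0x01, 0x02)]},
}

SAMPLE_DEVICES = [
    # 1. The approved keyboard, exactly as profiled.
    {"vid": 0x046D, "pid": 0xC31C, "serial": "K120-00471", "interfaces": [(0x03, 0x01, 0x01)]},
    # 2. An unknown board that enumerates as a keyboard (keystroke injection).
    {"vid": 0x16C0, "pid": 0x047C, "serial": "", "interfaces": [(0x03, 0x01, 0x01)]},
    # 3. An unapproved USB flash drive.
    {"vid": 0x0781, "pid": 0x5583, "serial": "4C530001230123", "interfaces": [(0x08, 0x06, 0x50)]},
    # 4. Copies the approved keyboard's IDs but also exposes a network interface.
    {"vid": 0x046D, "pid": 0xC31C, "serial": "K120-00471",
     "interfaces": [(0x03, 0x01, 0x01), (0x02, 0x06, 0x00), (0x0A, 0x00, 0x00)]},
    # 5. An unknown webcam: video and audio interfaces only.
    {"vid": 0x046D, "pid": 0x0825, "serial": "",
     "interfaces": [(0x0E, 0x01, 0x00), (0x0E, 0x02, 0x00), (0x01, 0x01, 0x00), (0x01, 0x02, 0x00)]},
    # 6. A spoofed keyboard that copies IDs, serial and interface set exactly.
    {"vid": 0x046D, "pid": 0xC31C, "serial": "K120-00471", "interfaces": [(0x03, 0x01, 0x01)]},
]


def is_keyboard(iface):
    cls, _subclass, protocol = iface
    return cls == USB_CLASS_HID and protocol == HID_PROTOCOL_KEYBOARD


def classify(dev):
    """Return (verdict, reason); verdict is 'allow', 'block' or 'review'."""
    ifaces = dev["interfaces"]
    classes = {cls for cls, _, _ in ifaces}
    has_keyboard = any(is_keyboard(i) for i in ifaces)

    # A keyboard that also brings its own network interface is the classic
    # USB implant layout, whatever identifiers it reports.
    if has_keyboard and classes & NETWORK_CLASSES:
        return "block", "keyboard combined with a network interface"

    profile = ALLOWED.get((dev["vid"], dev["pid"], dev["serial"]))
    if profile is None:
        if has_keyboard:
            return "block", "keyboard not on the allow-list (possible spoofed HID)"
        if USB_CLASS_MASS_STORAGE in classes:
            return "block", "mass-storage device not on the allow-list"
        return "review", "unknown device with no keyboard, storage or network interface"

    # Known identifiers, but the device must also look like the profiled one.
    if sorted(ifaces) != sorted(profile["interfaces"]):
        return "block", f"{profile['name']} presents interfaces outside its approved profile"
    return "allow", profile["name"]


def audit(devices):
    return [classify(d) for d in devices]


if __name__ == "__main__":
    for dev, (verdict, reason) in zip(SAMPLE_DEVICES, audit(SAMPLE_DEVICES)):
        print(f"{dev['vid']:04x}:{dev['pid']:04x} {verdict:6} {reason}")
```

Devices 2, 3 and 4 are blocked and the webcam is queued for review, but device 6 is allowed: a device that copies the VID, PID and serial of an approved keyboard and presents only the expected HID interface is indistinguishable from the real keyboard by anything the host can read from the device. Every identifier in this check is self-reported by the device, which is the limitation the article is pointing at when it says spoofed peripherals are detected as legitimate HIDs, and why it argues for identifying devices by their electrical characteristics instead.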

Sepio Solution

Sepio's Asset Risk Management (ARM) solution provides organizations with the Physical Layer coverage they need to obtain complete device visibility and, in doing so, protects against hardware-based attacks. As the leader in Rogue Device Mitigation (RDM), Sepio's solution identifies, detects and handles all peripherals; no device goes unmanaged. Sepio uses Physical Layer fingerprinting technology and machine learning to calculate a digital fingerprint from the electrical characteristics of every device and compares it against known fingerprints. In doing so, Sepio provides organizations with complete device visibility and detects vulnerable devices and switches within the infrastructure.

In addition to the visibility layer, a comprehensive policy enforcement mechanism recommends best-practice policy and lets the administrator define a strict, or more granular, set of rules for the system to enforce. When a device breaches the pre-set policy, Sepio automatically initiates a mitigation process that instantly blocks the unapproved or Rogue hardware.

Protect Your Organization

Understanding ransomware and its methods is crucial for strengthening defenses. With comprehensive hardware security, threat intelligence, and robust computer-security practices, enterprises can mitigate risks and protect their sensitive information.

Talk to an expert today to learn how Sepio’s patented technology can help you achieve complete asset visibility and secure your infrastructure from modern cyber threats.

June 21st, 2021