Over the past few years, ransomware has posed one of the greatest cybersecurity threats to organizations across the globe. Today, most experts would likely agree that ransomware poses the single biggest threat. Ransomware impacts all types of organizations - public and private, large and small - across virtually every industry. Take a look at the news in any given week, and you’ll see headlines about major attacks against a diverse group of victims. For example, in the span of one week in April, the NBA’s Houston Rockets, Japanese video game developer Capcom, Dutch transport company Bakker Logistiek and French pharmaceutical and cosmetics giant Pierre Fabre all revealed that they were hit by ransomware. The problem is everywhere.
The business of ransomware
Ransomware is on the rise for many reasons. For one, it’s continued to become more and more profitable as cybercriminals have been demanding and receiving steadily increasing ransom payments. But there’s also a new factor driving the surge in ransomware: ransomware-as-a-service has made it extremely accessible. In the past, cybercriminals had to be sufficiently tech-savvy to develop malware and execute successful attacks. This required a background in software development to create ransomware and a solid understanding of security architectures to penetrate a victim’s defenses.
However, as ransomware attacks became increasingly lucrative, a black market for ransomware-as-a-service emerged. Like any legitimate technology offered “as a service,” Ransomware-as-a-Service makes a previously complex process simple and convenient, allowing anyone with the time and inclination to leverage it. As a result, criminals with little or no IT background are now able to capture a major organization’s most critical data. Stats illustrate that Ransomware-as-a-Service has helped fuel a significant boom in ransomware attacks: According to a recent cybersecurity study, nearly two thirds of ransomware attacks in 2020 were launched using Ransomware-as-a-Service.
Ransomware-as-a-Service schemes operate under an affiliate model: cybercriminals purchase or lease malware from seasoned developers with experience in writing ransomware software. The cybercriminals then deliver that ransomware to organizations across the globe via email, plug-ins, infected software and Remote Desktop Protocols. When one of those organizations falls victim, losing control of their data and eventually paying a ransom, the cybercriminals send a portion of the profits back to the ransomware developer. They even manage and track the process as campaigns, just like normal sales or marketing efforts.
The need for better defense
With Ransomware-as-a-Service driving a massive increase in ransomware attacks, enterprises and government agencies need to rethink how they defend themselves. Most organizations continue to rely on the same common approaches to thwarting ransomware. However, as the statistics and headlines show, these approaches are insufficient. For example, many companies employ robust perimeter security solutions, such as firewalls, but these solutions can be circumvented with phishing emails, which is the most common channel for a ransomware attack. To mitigate the threat of these email attacks, enterprises rely on phishing training to educate employees so they can identify such emails and avoid clicking on their infected links and attachments. However, phishing emails have become increasingly sophisticated and able to fool even the most well-trained employee (and it only takes one employee to make a mistake for ransomware to infiltrate and cripple an organization). While perimeter security solutions and phishing training are helpful best practices that every organization should use, they’re simply not enough.
With ransomware becoming more sophisticated and Ransomware-as-a-Service making it easier than ever to launch an attack, organizations need a better way to defend themselves. Ultimately, the only way to truly protect against ransomware is to safeguard data right where it resides - at the storage layer.
Data immutability
More specifically, organizations must leverage immutable storage to protect their backup data. This is the only way to guarantee fast recovery from ransomware attacks, without being forced to pay a ransom. Immutable storage is cost efficient and simple to use: Once a backup data copy is written, that backup cannot be altered or erased, making it impossible for ransomware to encrypt that data. If a ransomware attack does occur, organizations can rapidly restore their data from the most recent backup through a normal recovery process. There’s no need to pay a ransom and minimal downtime.
Object Lock, a new feature that is supported by certain enterprise storage systems, is an important part of immutable storage. With Object Lock-enabled systems, backup data can be protected from ransomware as part of an automated workflow, with no manual intervention required. Because Object Lock leverages the industry-standard S3 API, there are a variety of storage vendors, data protection software vendors and cloud providers that support it.
Ransomware-as-a-Service is just one of the latest innovations that’s increasing the threat of ransomware. Cybercriminals will develop other new methods in the future to make ransomware even more pernicious. Existing countermeasures such as perimeter security solutions and employee phishing training no longer provide sufficient protection against this threat. Thankfully, there is one sure-fire defense. Immutable Object Lock-enabled storage offers a way for every organization to safeguard its data.
