Ransomware poses the greatest threat to organizations and their day-to-day operations, resulting in increased complexity and costs for protecting digital environments. In South Africa alone, cybercrime is estimated to cost R2.2 billion annually, with financial, reputational, and operational consequences for targeted organizations.
How has ransomware evolved?
The evolution of ransomware has seen cybercriminals progressing from fake antivirus software to posing as law enforcement online, ultimately leading to the rise of encryption malware in 2015. This enabled hackers to lock device files until a ransom was paid, facilitated by the anonymity of cryptocurrencies like Bitcoin. Attack methods shifted from indiscriminate mass-mailing to more targeted infiltrations, gaining administrative rights and encrypting specific files within networks.
Why does it evolve?
As ransomware attacks become more sophisticated, attackers employ various tactics to coerce victims into paying, such as staged data publication, threats of distributed denial of service (DDoS) attacks, and social media harassment of clients and suppliers. These criminals adapt to changes in their environment, responding to factors like improved cybersecurity measures, law enforcement effectiveness, financial institution interventions, regulatory shifts, and operational security weaknesses within their networks.
While there was a temporary decrease in ransomware activity in 2022, organizations must remain vigilant and proactive. Future ransomware strategies are predicted to involve targeting zero-day vulnerabilities, enhanced operational security within criminal networks, revenue optimization through automation, and a focus on Linux cloud servers and other platforms.
What must organizations do?
Organizations should adopt a comprehensive cybersecurity strategy encompassing people, processes, and technology to prevent and mitigate ransomware attacks. This includes regular security awareness training for staff, complete visibility of the network, threat modeling to identify risks and implement necessary controls, and the adoption of solutions like attack surface risk management and extended detection and response (XDR). A Zero Trust strategy, coupled with an incident response plan and secure backup systems, further mitigates the impact of potential cyberattacks.
By recognizing the significance of a robust security posture and staying abreast of evolving threat tactics, organizations can effectively protect themselves against the next wave of ransomware. Cybersecurity professionals play a crucial role in adapting to emerging challenges and securing businesses from potential cyber threats.
By Emmanuel Tzingakis, Technical Lead: Sub-Saharan Africa at Trend Micro