Crypto craze is fueling ransomware attacks

July 1, 2021
Organizations can protect themselves by proactively adopting strategies that prevent ransomware attacks or accelerate recovery

Ransomware attacks have accelerated in recent years, and for the first time, consumers are feeling the pinch. In the recent Colonial Pipeline and JBS attacks, cybercriminals disrupted gasoline and meat supplies, causing an artificial run on both commodities. In fact, FBI Director Christopher Wray recently compared the current ransomware challenge and threat of cyberattacks to the September 11, 2001 terrorism threat.

The surge in popularity of cryptocurrencies like Dogecoin — which hit a peak of $0.74 on May 8 — certainly doesn’t help. Dogecoin and other cryptocurrencies have entered the mainstream. Easy access to cryptocurrencies streamlines the payment of ransoms and encourages cybercriminals to continue these types of attacks.

So, how can leaders shield their organizations from ransomware attacks? They need to invest in preventative solutions. In the event of an attack, a comprehensive backup strategy will help your organization get back online quickly, minimize the impact of the attack, and potentially eliminate the need to pay a ransom.

Cryptocurrency Enables Cybercriminals

When corporations shell out millions of dollars in cryptocurrency to pay a ransom, it tells cybercriminals that corporations are willing to negotiate and cooperate with their demands. In turn, this can lead to more attempts — and not just on businesses. Take, for example, NitroRansomware, a new threat that targets consumers by encrypting victims' files and then demanding a $9.99 Discord gift code in exchange for a decryption tool.

Unfortunately, regulators are behind the curve on cryptocurrency. If legislation required cryptocurrency exchanges to comply with existing laws, it could go a long way toward helping organizations avoid paying ransom and improving our ability to trace payments.  

While I don’t advise companies to pay ransom, sometimes it is unavoidable. In the case of Colonial Pipeline, the chief executive officer (CEO) says he made the decision to pay the $4.4 million ransom — made in Bitcoin — because “it was the right thing to do for the country.” But the decryption tool they received in exchange for the ransom payment did not immediately restore the pipeline’s systems and instead resulted in a six-day shutdown. The takeaway: Even paying the ransom is no guarantee that your systems will be restored.

How to Protect Your Company from a Ransomware Attack

Although a majority of chief information security officers (CISOs) currently hold cryptocurrency to pay cybercriminals in the event of an attack, stockpiling crypto only signals to cybercriminals that your organization is willing to pay. Proactivity is a better approach.

There is a handful of prevention and recovery measures you can put in place to minimize the impact a cyberattack can have on your business and potentially avoid the need to pay a ransom.

  1. 24/7 Monitoring: Cybercriminals often strike on holidays or at 3 a.m. on a Sunday. That’s why you need to invest in a 24/7 security operations center (SOC) or work with a partner that has one. This SOC is responsible for continuously monitoring security, the threat profile and activity in your environment. Whether you outsource or create an internal incident response team, a SOC can help you understand the current threat landscape and improve your readiness to respond if an attack occurs. If you outsource, the on-call SOC staff can take care of the initial response to an attack and execute a defined plan while your organization focuses on maintaining business continuity.
  2. Endpoint Detection and Response Solutions: Endpoint detection and response (EDR) solutions are critical for cybersecurity — especially if your organization employs remote workers. EDR solutions use behavior-based algorithms and learning to detect and contain ransomware. The algorithms actively monitor for any odd behaviors and effectively stop them. Since EDR is a human-operated technology, an IT team immediately follows up on alarms. Through remediation, IT can then ensure the perpetrators never attempt the same attack twice at your organization.
  3. Security Training: Schedule and conduct cybersecurity training for all of your employees — it’s the only way to make sure they understand the seriousness of the threats and how to protect your business. Training should include how to identify scams like phishing emails or phone calls that ask for network specifics or employee credentials. Once you’ve trained your employees, conduct phishing tests to ensure the training is working.
  4. Security Metrics: If you want to protect your organization, you need to know what’s going on in your environment. Start by establishing key performance indicators (KPIs) — like your infection and patch rate — to monitor cybersecurity performance. Additionally, your management teams must be kept in the loop regarding plans on how to respond to a potential cyberattack, as well as what might happen if you do have to shut down operations to recover.
  5. Business Continuity and Disaster Recovery (BC/DR) Planning: A BC/DR plan is vital to maintaining business operations. This plan should include backing up critical business systems and data so copies are available from at least one alternate location. Regularly update your plan and include specific procedures to follow when a cyberattack occurs.
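As an added illustration of items 4 and 5 (this is not code from the original article), the following Python computes the patch-rate and infection-rate KPIs over an endpoint inventory and checks that every critical system has a fresh backup copy in at least one alternate location. The inventory, hostnames, locations and the 24-hour offsite freshness threshold are constructed assumptions; real numbers would come from your patch, EDR and backup tooling.

```python
"""KPI and backup-coverage checks for the measures above (constructed example)."""
from datetime import datetime, timedelta

# Constructed sample data; hostnames, locations and timestamps are assumptions.
NOW = datetime(2021, 7, 1)
ENDPOINTS = [
    {"host": "ws-01", "missing_critical_patches": 0, "infected_last_30d": False},
    {"host": "ws-02", "missing_critical_patches": 2, "infected_last_30d": True},
    {"host": "ws-03", "missing_critical_patches": 0, "infected_last_30d": False},
    {"host": "srv-erp", "missing_critical_patches": 1, "infected_last_30d": False},
]
BACKUPS = [  # each backup copy of a critical system, where it lives and when it was taken
    {"system": "srv-erp", "location": "primary-dc", "taken": NOW - timedelta(hours=6)},
    {"system": "srv-erp", "location": "cloud-region-b", "taken": NOW - timedelta(hours=30)},
    {"system": "srv-file", "location": "primary-dc", "taken": NOW - timedelta(hours=2)},
]
CRITICAL_SYSTEMS = ["srv-erp", "srv-file"]
PRIMARY_LOCATION = "primary-dc"
MAX_OFFSITE_AGE = timedelta(hours=24)  # assumed recovery-point objective for offsite copies


def patch_rate(endpoints):
    """Share of endpoints with no outstanding critical patches (KPI from item 4)."""
    return sum(1 for e in endpoints if e["missing_critical_patches"] == 0) / len(endpoints)


def infection_rate(endpoints):
    """Share of endpoints with a confirmed infection in the reporting window."""
    return sum(1 for e in endpoints if e["infected_last_30d"]) / len(endpoints)


def backup_gaps(backups, critical_systems, primary, max_age, now):
    """Critical systems lacking a fresh copy outside the primary location (item 5).
    Returns a dict mapping system name to the reason it fails the policy."""
    gaps = {}
    for system in critical_systems:
        offsite = [b for b in backups if b["system"] == system and b["location"] != primary]
        if not offsite:
            gaps[system] = "no copy outside primary location"
            continue
        age = now - max(b["taken"] for b in offsite)
        if age > max_age:
            gaps[system] = f"newest offsite copy is {age} old"
    return gaps


def posture_report():
    """Bundle the three checks so management can be kept in the loop."""
    return {
        "patch_rate": patch_rate(ENDPOINTS),
        "infection_rate": infection_rate(ENDPOINTS),
        "backup_gaps": backup_gaps(BACKUPS, CRITICAL_SYSTEMS, PRIMARY_LOCATION, MAX_OFFSITE_AGE, NOW),
    }


if __name__ == "__main__":
    print(posture_report())
```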

Prepare for the Inevitable with Proactive Solutions

Ransomware attacks are on the rise. But there are many ways your organization can prepare. Rather than stockpiling crypto, focus on preventative measures. By proactively adopting strategies that prevent ransomware attacks or accelerate recovery, you can protect your organization from being held hostage.

About the author: Matthew Rogers joined Syntax as the company's Chief Information Security Officer of the Americas in August 2020. In this role, Rogers works with Syntax's Global Product Management team to develop innovative security solutions for Syntax's global customers. He also leads Syntax's Security Operations team for the Americas region. He has designed, implemented and staffed cybersecurity programs and strategies for almost 15 years.