There has been a lot of talk lately about ransomware as a service and its use in attacks across supply chains. A new tactic is now being applied: “pay us not to attack you”, as reported by Howard Solomon on the IT World Canada website.
There are cases of attackers bold enough to launch attacks in which they ask for payment to stay away, according to Sumit Bhatia, director of innovation and policy at Rogers Cybersecure Catalyst, Ryerson University. With this tactic, they demonstrate to an organisation their ability to attack, but they do not go through with it. However, they warn the organisation that it must pay them in order to stop the full-scale attack. They generally do so with organisations that lack the resources or expertise to modify or adjust systems in time to prevent a future attack.
In parallel to this new form of cybercriminal action, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and its partners in Australia and the United Kingdom issued an alert due to an increase in sophisticated, high-impact ransomware incidents against critical infrastructure worldwide.
In this ransomware alert, the agencies noted that in the past year they had seen attacks against major critical infrastructure sectors, including defence, food, government, healthcare, financial services, energy and higher education.
If the ransomware criminal business model continues to generate financial returns for its actors, incidents related to these attacks will become more frequent.
The alert describes attacker behaviours and trends, as well as recommended mitigations:
- Patch operating systems and corporate applications.
- Secure and monitor remote access services used by employees and partners.
- Require multi-factor authentication for as many services as possible.
- Require the use of strong passwords, especially for service, administrator and domain administrator accounts.
- Use Linux security modules on systems running Linux.
- Segment networks.
- Use end-to-end encryption in online communications.
- Ensure that all backup data is encrypted.
- Other actions that increase system security.
Small businesses should not think that they will not be attacked. Attackers may go after small businesses that are partners with the larger companies they attack, either because they have valuable customer data or because of intellectual property.
These small businesses can enforce good cybersecurity if they focus on the basics: attackers look for easily exploitable vulnerabilities, including misconfigured systems. By simply making sure the basics are covered, such as having a solid program or being aware of their assets, they will be ahead of other companies that rely on advanced technology and ignore the fundamentals.