What are the Threats of Ransomware to the Remote Workforce?
PwC’s report Cyber Threats 2022 found that the ransomware incidents of 2022 made ransomware a major cybersecurity threat facing organizations of many sizes and in many sectors.¹ Threat actors were able to circumvent security measures and successfully infect networks, from manufacturing to retail and beyond, extorting high ransoms. Governments and private companies responded to cyber threats with sanctions and blacklisting, which shut down the operations of at least one major ransomware group. Governments are exploring the continued use of sanctions as a way of hamstringing ransomware and other threat actors, as well as their access to and use of extorted and stolen funds.
Due to the fractured and fluid nature of ransomware groups, many cyber criminals simply moved to deploy their skills and capabilities in other, lesser-known brands and operations. Cyberattackers have also expanded their tactics, techniques, and procedures (TTPs). Credential-stealing malware proliferated within the cybercrime ecosystem and bolstered the demand for Access-as-a-Service (AaaS) and other commoditized cybercrime offerings, which powered cyber-enabled fraud and opportunistic attacks spanning multiple industries and countries.
Since 2020, ransomware attackers have become bolder and have exfiltrated their victims’ data more often. Data exfiltration is the act of deliberately transferring sensitive data out of an organization without authorization. Many cyberattackers now exfiltrate their victims’ data before they encrypt the files, and many then announce on a leak site (often on the dark web) that they have compromised a victim and provide proof that they have downloaded this data. At that point, the cyberattackers set a deadline for a ransom payment, threatening to publish the data on the leak site if the victim refuses to pay.
Profit is a big driver of ransomware attacks, as many high-profile ransomware incidents attracted more interest in the scheme. Another driver is opportunity, as the bulk of the workforce shifted to remote work early in 2020, and remote work continues to be popular in 2023. As the number and distribution of devices and data continue to rise, organizations must focus their attention on prevention, detection, and response. Security controls that organizations can employ to this end are:
Visibility. Real-time monitoring and clear visibility are vital for rapid detection and neutralization of security threats. A security team with a comprehensive view of endpoint and server activity is positioned to react swiftly to suspicious activity.
Identity. Through user and entity analytics, changes in behavior can be quickly investigated and threats can be neutralized.
Zero Trust. A Zero Trust model will include safeguards such as multi-factor authentication and encrypted communications. People, devices, and networks are all treated as inherently untrustworthy, ensuring that sensitive data is only accessed by identities with proven trustworthiness, and only when necessary.
Cyberattackers will continue their ransomware attacks as long as these attacks prove successful for them. To disrupt this trend, organizations should focus on expanding cybersecurity awareness throughout their organization, so that their employees continue to practice defensive cybersecurity behaviors, whether they are in the office, working remotely, or on the road.
1 PricewaterhouseCoopers LLP, 2023, “Cyber Threats 2022: A Year in Retrospect”