Ransomware will continue to plague businesses in 2020

Source: Travelex website. Statement on "IT issues affecting Travelex services".

Travelex was the victim of a ransomware attack in late 2019, and the repercussions were still being felt in early January 2020. The foreign exchange group is present in many locations around the world, and has partners in others. Customers have been unable to access many Travelex services, while major banks whose services relied on Travelex have in turn been unable to offer their services.

Source: Veritas. Rajendran.

Such scenarios are likely to multiply. Ransomware is now big business, says Ravi Rajendran, VP and MD, Asia South Region, Veritas. “To stay ahead of the cat and mouse game, cybercriminals’ techniques will evolve in response to more rigorous company policies. We’re already seeing the beginnings of a secondary illegal market for stolen credentials. On the dark web, ransomware is fuelling the rise of a burgeoning market that makes it quick and easy for cybercriminals to gain remote access to corporate systems.

“This boom is being supported by a shifting attack strategy that will only become more embedded in 2020. Ransomware attackers will increasingly target their efforts, not on existing employees, but on adjacent targets and other accounts with access to the systems of their intended victim. This includes outside contractors, freelancers, partners and approved vendors.”

Ransomware, everywhere

Source: LogRhythm. Wong.

And why go just for businesses? LogRhythm suggests hackers will go further with ransomware. “Given ransomware’s proven track record, it’s time for hackers to take it to new markets. Critical infrastructure is a prime target: while most ransomware isn’t built to target this type of infrastructure, it can still be used in those environments, and shutting down a power grid is certainly going to yield a significantly higher than average payout – not to mention it could lay the foundation of distrust in the government’s ability to protects its citizens.

"Critical infrastructure is due for another significant breach anyway, making 2020 the perfect opportunity to introduce ransomware into this space,” said Joanne Wong, Senior Regional Director for Asia Pacific & Japan at LogRhythm.

Source: CyberArk. Lazarovitz.

Lavi Lazarovitz, Group Research Manager, CyberArk, suggests that cybercriminals will also target ransomware at non-Windows environments. “The absence of spectacular ransomware attacks like Petya doesn’t mean attackers have stopped investing in malware. They’re just shifting their focus.

"In many ways attackers subscribe to the 'if it ain’t broke don’t fix it' mentality. The malware families that have been around for years still work, and are effective for many reasons, mostly because many organisations still neglect to adhere to basic patching practices.

“That said, attackers keep looking for new ways to monetise their assaults. If they’ve got malware that is steadily performing in Windows environments, what’s the next target? Wanting access to a greater diversity of systems, including cloud environments and containers, we’ll begin to see innovation in ransomware that focuses more on Linux to take broader advantage of digital transformation trends,” said Lazarovitz.

Holding on to a sure thing

And where there is activity, infrastructure springs up to support it and ironically, fuel it. Lazarovitz said, “Despite government warnings not to pay the ransom in ransomware attacks, more organisations are turning to cyber insurance to protect their assets and uptime. We expect to see a significant increase in the number of entities buying cyber insurance, making it one of the fastest growing markets related to cybersecurity.

“However, this investment in 'protection' is having a contrary effect – and will drive even greater waves of attacks. Attackers will target organisations with cyber insurance because of the high likelihood of getting paid. This is because insurance companies weighing the cost benefits of a payout will often choose to do so if the cost of the ransom is less than the cost of downtime needed to rebuild a network. Ultimately, this gold rush will benefit attackers – tilting the power in their direction, fuelling resources and spurring the need for policy changes and disruption across the insurance industry.”