In May 2021, a ransomware attack caused five days’ disruptions to the Colonial Pipeline fuel supply chain in 17 states in the US. The company was forced to pay a ransom of USD 4.4 million. Similarly, JBS – the world’s largest meat processor – also had to pay USD 11 million to deal with a similar attack.<\/span><\/p>\n According to a IBM report, the average ransomware attack costs USD 4.54 million, not including the ransom itself. This figure includes many costs such as downtime, reputational damage, and new security measures. Check Point’s research shows that the actual total cost of a ransomware attack is nearly seven times higher than the ransom amount.<\/span><\/p>\n A forecast reveals that ransomware will cost its victims around USD 265 billion annually by 2031, with a new attack every two seconds.<\/span><\/p>\n (Figure 1). Ransomware is considered the fastest growing type of cybercrime, according to Cybersecurity Ventures.<\/span><\/i><\/span><\/p>\n According to the 2022 Verizon Data Breach Investigations Report (DBIR), ransomware attacks increased by 13%, which was the biggest increase in the past five years combined (Figure 2). This alarming pattern indicates that ransomware attacks are becoming more dangerous.<\/span><\/p>\n Figure 2: Number of ransomware breaches over time (the 2022 Verizon DBIR Report)<\/span><\/i><\/span><\/p>\n In addition to posing a threat to certain industries, ransomware has spread to an array of sectors, including transportation, telecommunications, finance, healthcare, education, law, manufacturing, food, and also law enforcement (Figure 3). Regardless of company size, both large and small enterprises run the risk of being targets of this kind of cybercrime. Any organization, business, or individual in cyberspace can become a victim of ransomware.<\/span><\/p>\n Figure 3: Most ransomware attacked industries sourced from leaked website data (Palo Alto Unit 42, 2022 Ransomware Threat Report)<\/span><\/i><\/span><\/p>\n Ransomware has become the most significant cybersecurity threat today and a top priority for Chief Information Security Officers (CISOs) due to its evolution into a well-organized business model for cybercriminals.<\/span><\/p>\n Ten years ago, ransomware was the target of only a few digital criminals. However, as more and more attacks occur, it has developed into a professional criminal industry. Ransomware has become the center of an entire ecosystem created by cybercriminal groups. Along with developing malware, they also provide support services so that victims can contact them and pay the ransom.<\/span><\/p>\n Moreover, the Ransomware-as-a-Service (RaaS) model emerged, in which malware creators offer their tools to clients referred to as “affiliates”. Even without much technical knowledge, affiliates can spread malware. In the end, the ransomware operator and its affiliates share the ransom. This model creates an environment in which ransomware attacks can be executed by non-technical people as well (Figure 4).<\/span><\/p>\n Figure 4: Ransomware-as-a-Service (RaaS) model (Varonis, 2021)<\/span><\/i><\/span><\/p>\n Another significant reason in why ransomware has become a serious threat is that hackers use a variety of extortion tactics after gaining control of an organization’s data and resources (Figure 5).<\/span><\/p>\n Today, hacker groups often use up to four extortion techniques, called “quadruple extortion”, to put more pressure on victims to pay ransom:<\/span><\/p>\n The variety of techniques used in ransomware extortion shows how dangerous this type of cybercrime is and the importance of implementing effective prevention and response measures. When attacked, the organization will be incapacitated because it cannot access its data. Systems can be down for days or weeks, causing a severe impact on business operations.<\/span><\/p>\n Figure 5: Four phases of ransomware extortion (Trend Micro Research, 2021)<\/span><\/i><\/p>\n Given its sophisticated extortion techniques and unpredictable consequences, ransomware might easily cause significant financial losses and serious reputational damage to organizations. Therefore, organizations frequently agree to pay large ransoms to resolve the problem quickly.<\/span><\/p>\n However, satisfying the demands of hackers would only lead to an increase in criminal activities and an uncontrollable downward spiral. Therefore, effective prevention and response is critical to protecting data and business operations from ransomware risks.<\/span><\/p>\n Ransomware infects systems through the three most common attack vectors; remote desktop protocol (RDP, SSH), phishing and security vulnerabilities in web applications. Attackers use different tools for each infection vector, as in Figure 6.<\/span><\/p>\n Figure 6: Types of action vectors in ransomware incidents (Verizon DBIR Report 2022)<\/span><\/i><\/p>\n How to stop this threat or how to detect when we are under attack is the question we need to answer.<\/span><\/p>\n To effectively defend against ransomware, organizations must deploy a comprehensive strategy that includes the following measures:<\/span><\/p>\n By concurrently putting the above measures in place to safeguard data and business operations, organizations will greatly increase their ability to combat ransomware and several other cyberthreats.<\/span><\/p>\n Information Security Incident Response Team<\/i><\/b><\/p>\n Cyber Security Center – FPT IS.<\/i><\/b><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"author":3,"featured_media":15539,"parent":0,"template":"","nang_luc":[790,821],"danh_muc_goc_nhin_so":[789],"dich_vu":[540,551,712],"linh_vuc":[],"platform":[],"san_pham":[],"the_goc_nhin_so":[],"class_list":["post-15537","goc_nhin_so","type-goc_nhin_so","status-publish","has-post-thumbnail","hentry","nang_luc-experts-sharing","nang_luc-security","danh_muc_goc_nhin_so-expert-sharing","dich_vu-data-center","dich_vu-digital-gov","dich_vu-security"],"acf":[],"_links":{"self":[{"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/goc_nhin_so\/15537","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/goc_nhin_so"}],"about":[{"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/types\/goc_nhin_so"}],"author":[{"embeddable":true,"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/users\/3"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/media\/15539"}],"wp:attachment":[{"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/media?parent=15537"}],"wp:term":[{"taxonomy":"nang_luc","embeddable":true,"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/nang_luc?post=15537"},{"taxonomy":"danh_muc_goc_nhin_so","embeddable":true,"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/danh_muc_goc_nhin_so?post=15537"},{"taxonomy":"dich_vu","embeddable":true,"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/dich_vu?post=15537"},{"taxonomy":"linh_vuc","embeddable":true,"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/linh_vuc?post=15537"},{"taxonomy":"platform","embeddable":true,"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/platform?post=15537"},{"taxonomy":"san_pham","embeddable":true,"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/san_pham?post=15537"},{"taxonomy":"the_goc_nhin_so","embeddable":true,"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/the_goc_nhin_so?post=15537"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}![\"1\"](\"https:\/\/cdn.fpt-is.com\/vi\/1-700x290.png\")
<\/p>\n![\"2\"](\"https:\/\/cdn.fpt-is.com\/vi\/2-700x337.png\")
<\/p>\n![\"3\"](\"https:\/\/cdn.fpt-is.com\/vi\/3-700x470.png\")
<\/p>\nThe ransomware spread \u201cservice\u201d<\/b><\/h2>\n
![\"4\"](\"https:\/\/cdn.fpt-is.com\/vi\/4.png\")
<\/em><\/p>\nMultiple cases of blackmail damage<\/b><\/h2>\n
\n
![\"5\"](\"https:\/\/cdn.fpt-is.com\/vi\/5-700x642.png\")
<\/p>\nHow does ransomware spread?<\/b><\/h2>\n
![\"6\"](\"https:\/\/cdn.fpt-is.com\/vi\/6-700x369.png\")
<\/p>\nHow to detect and prevent ransomware?<\/b><\/h2>\n
\n
\n\n
\n Exclusively written by the FPT IS experts<\/i><\/b><\/p>\n