Cyber Threat Landscape 2024: Ransomware Dynamics

Data is a company’s most valuable asset. So, doing everything in your power to protect that asset is a given. But what if the threat you’re guarding your data against is known to cripple operations, tarnish reputations, and drain finances? And even worse, what if that threat is only getting more dangerous, thanks to a little thing called artificial intelligence (AI)?

Unfortunately, for many businesses, there’s nothing “what if” about this scenario. As many as 72% of businesses worldwide have experienced a ransomware attack at some point and know just how devastating the aftermath can be.

That’s why we tapped two cybersecurity experts to share their insights on ransomware, its evolution, and how businesses can protect themselves. Read on to hear what Tom Vazdar, the chair of the Enterprise Cybersecurity Master’s program at the Open Institute of Technology (OPIT), and Venicia Solomons, a seasoned cybersecurity architect, have to say on this topic in their “Cyber Threat Landscape 2024: Navigating New Risks” master class.

Ransomware: The Basics

Ransomware is nothing new. However, there are always new business owners who (luckily) haven’t encountered it yet. So, let’s cover the basics first.

Ransomware is a natural product of phishing, a human-centric cyber threat that relies on social engineering to deceive individuals into providing sensitive information or downloading malicious attachments. The latter is what ultimately triggers a ransomware infection. Tom describes the process like this:

You click on a malicious link.

Your device downloads the malware.

Your system is now infected, and somebody else is essentially in charge.

They encrypt your data and demand you pay ransom for the encryption key to get it back.

As mentioned, dealing with ransomware attacks and cyber criminals has become a daily reality for companies worldwide. What certainly doesn’t help companies is the fact that ransomware is now also offered as a service.

Ransomware as a Service

Just a few short years ago, cybercriminals needed sophisticated technical skills and tools to develop and deploy ransomware. Now, all they need is access to the dark web.

As Tom explains it, numerous cyber criminals on the dark web offer ransomware as a service, a malicious adaptation of the software as a service (SaaS) business model. So, you essentially pay them to deploy their ransomware on your behalf.

The most famous, or should we say infamous, among these threats is the LockBit model, which has wreaked havoc on thousands of companies worldwide. The issue is that LockBit ransomware attacks vary in tactics, techniques, and procedures. In other words, an organization must be prepared for virtually anything.

How Has AI Affected Ransomware?

Ransomware is dangerous on its own. But throw artificial intelligence into the mix, and you’ve got a massive threat on your hands.

AI has undoubtedly revolutionized the cybersecurity industry, for better or for worse. The “worse” part is that AI is making cyber threats smarter. Unfortunately, for organizations, this particularly applies to ransomware. According to a 2024 report by the U.K.’s top intelligence agency, ransomware stands to gain the most from AI.

How so?

Well, AI has the potential to create malware that circumvents current cybersecurity detection measures. After all, AI is trained using data. Give it malware data to analyze, and it will learn how to evade detection by traditional cybersecurity tools.

AI will also likely generate a surge of new cybercriminals as the barrier to entering into cybercrime decreases with AI-powered tools.

Of course, the more capable and experienced attackers will also benefit from AI. They will use it to identify system vulnerabilities, bypass security defenses, and craft more precise social engineering attacks.

How to Prevent Ransomware Attacks

Given how quickly ransomware is evolving, preventing attacks requires a multi-faceted approach that combines technology, education, and proactive measures. Tom and Venicia break down this approach.

1. Keep Your Systems Updated

When it comes to anything cybersecurity-related, this is the first crucial step. Keep all your systems and programs updated and patched if you want to stand any chance of protecting against known vulnerabilities.

Tom says that there’s a new vulnerability “basically each week,” so having a process in place to update regularly and patch systems is essential.

Venicia adds that something as simple as a basic software update can go a long way toward protecting your data from ransomware. This update will limit its ability to spread through your network, thus reducing the impact of the attack.

2. Invest in Quality Training

Having the most advanced protection systems in place will do you no good if you don’t have well-trained employees.

These employees must learn to recognize potential cyberattacks that could introduce malware into your organization’s system (e.g., phishing emails). Of course, the next step is to respond effectively to the attack. Though each organization has its own set of rules in place, the proper response typically involves disconnecting from the network and contacting IT support.

3. Implement Defensive Systems

Humans are undoubtedly the first line of defense against cyber threats. However, they can’t do it alone. That’s why implementing advanced Endpoint Detection and Response (EDR) solutions is crucial. Tom explains that these systems will help you identify and, more importantly, mitigate a threat on time.

However, he also adds that you must restrict user permissions within the system. This way, even if a single component is compromised, the ransomware won’t take down the entire network.

4. Implement Network Segmentation

As you can see, a huge part of mitigating ransomware attacks is ensuring they don’t affect the entire network. That’s where network segmentation can also help.

As Tom explains, with network segmentation, the malicious actor in control of your network won’t be able to do “lateral movements.” In other words, even if they do manage to penetrate your network, they won’t be able to spread within it.

So, network segmentation is a critical part of the multi-layer approach every organization should adopt when it comes to cybersecurity.

5. Collaborate With Others

Remember – you aren’t the only one experiencing cyberattacks. In Venicia’s words, “ransomware has a global impact.”

That’s why organizations in the private sector are constantly encouraged to “talk to each other,” as Tom puts it. Of course, there’s always the issue of confidentiality, but Tom explains that this, too, can be resolved with a “closed circle of trust.”

Also, organizations in the private and public sectors are encouraged to share relevant information with institutions such as the Financial Services Information Sharing and Analysis Center (FS-ISAC).

In Europe, there’s also something called The No More Ransom Project. This Europol initiative has existed for years, hosting decryption keys for different types of ransomware. It has helped numerous individuals and organizations decrypt their systems and avoid paying the ransom.

Of course, this won’t always be possible, as the attackers typically keep changing the encryption keys. However, anything that helps organizations avoid paying the ransom is worth trying.

Why?

Because paying the ransom often won’t solve any problems.

As Tom explains it, you’re dealing with criminals, after all. So, they will often double the ransom after you pay the initial amount, having realized that you have the money. Or, they’ll simply take the money and run without giving you the decryption keys.

So, ongoing threat intelligence sharing should be among the top priorities for an organization, as it allows them to evade the last-resort scenario of paying the ransom.

6. Invest in Backups and Disaster Recovery

According to Venicia, backups and disaster recovery have a massive role to play in combating ransomware. She says that the primary reason organizations choose to pay the ransom is because they don’t have any backups in place. In other words, they don’t have an alternative way to get their data back.

That’s precisely what Tom has experienced working with many small and medium-sized businesses.

He says that these businesses usually don’t have disaster recovery procedures and data backups because they find them to be too expensive. Other times, they’ll say they didn’t have the time to deal with these measures. But whatever the excuse may be, one thing’s for sure – having no backups leaves you vulnerable to losing your data permanently in a ransomware attack.

According to Tom and Venicia, here’s what an ideal proactive approach to cybersecurity would look like.

Step No. 1 – Have regularly scheduled backups and ensure they’re stored in different environments, including offline ones. Tom suggests the 3-2-1 data backup strategy – have three copies of your data on two different mediums (e.g., hard drives and DVDs) with one copy off-site (a different physical location).

Step No. 2 – Regularly test your backups to see whether they’re able to handle different scenarios.

Step No. 3 – Implement a disaster recovery plan that outlines the steps for different types of incidents. Of course, these incidents shouldn’t only cover ransomware. Earthquakes, floods, and even meteor strikes should be considered in your plan. The last part might seem silly to you. In fact, it also sounded silly to Tom and his colleagues. That is, at least, until a meteor struck Russia in 2013. So, you never know!

The Importance of Cybersecurity Specialists

Most of the strategies for combating ransomware require one thing – a skilled cybersecurity specialist to execute them. This is also what most companies lack, which is why they easily fall victim to cyberattacks.

That’s why programs like the Enterprise Cybersecurity Master’s program at OPIT are essential for the future of cybersecurity. This program helps train the next generation of cybersecurity professionals to defend organizations against the so-called “Ransomware Armageddon” and any other cyber threat that might emerge.