Wednesday, October 1, 2025

Collaboration, a key to countering ransomware 


By Louie Cantañeda
Country Manager, Fortinet Philippines 

More than a year into the pandemic, most organizations are still embracing flexible working setups, such as working from home, as part of their new normal operations. With the implementation of remote working, businesses of all sizes have become easy targets for cybercriminals, mainly because employees access corporate resources from poorly secured home networks and devices. This setup can be an easy entry point for ransomware attacks and for social engineering techniques such as phishing. And yes, this problem crosses political, geographical, and technological borders.

According to the 2021 1H Global Threat Landscape Report from FortiGuard Labs, ransomware grew 1,070% between July 2020 and June of 2021. Ransomware is a specific type of malware that holds data hostage in exchange for a ransom. It threatens to publish, block, or corrupt data or prevent users from accessing their computers unless they meet the attacker’s demands.

The global statistics mirror a similar situation in the Philippines. According to the latest available data on the National Computer Emergency Response Team (NCERT) website, 204 of 601 incidents handled by the agency from January to July 2021 were Malware and Malicious Files, making them the top cybercrime in that period.

Ransomware has been in the headlines for the past few years, particularly with high-profile attacks such as the more recent ones involving the French insurer AXA, which affected its IT operations in Asia, including the Philippines.

The recent high-profile attacks are driven by cyber threat actors’ efforts to adapt to the constantly changing security landscape. They are also upgrading their tools and amplifying their strategies to take advantage of the current scenario and exploit network vulnerabilities.

The question now is, what can we do to deal with the increasing volume and impact of ransomware? The answer is collaboration, and it will require an integrated response that involves stakeholders from both the government and private sector.

What can the private sector do?  

The 2021 Ransomware Survey Report released recently by Fortinet, which surveyed 455 respondents composed of world business leaders and cybersecurity professionals, revealed that 72 percent of respondents have a ransom payment policy for ransomware attacks. Forty-nine percent of them noted that their procedure is to pay instantly, and 25 percent said it would depend on how expensive the ransom is.

However, the Federal Bureau of Investigation (FBI) reiterated that paying does not guarantee the return of stolen data, and that it “encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity.”

Before making a call on whether to pay the ransom or not, private organizations must take active measures to ensure that they are protected against ransomware. That starts with keeping updated backups of critical files offline and scanning devices that try to access the network to remove malware. It also pays to know how these attacks work.

Social engineering plays a significant role when ransomware is sent through phishing emails. Social engineering is an attempt to manipulate others into divulging personal or confidential information. One common tactic is sending emails or texts that scare the target into sharing sensitive information, opening a malicious file, or clicking on a malicious link.

Ransomware can also be spread through drive-by downloading, which happens when a user visits an infected website. The malware on that site is then downloaded and installed without the user even knowing about it.

Once the ransomware enters the computer, it secretly infects it. The software then proceeds to attack files, access credentials, and alter or encrypt them without being noticed by the user. As a result, the computer, or worse, the entire network, is held hostage by the person controlling the malware.

Thus, it pays to extend cybersecurity awareness and training to IT teams and all employees. Organizations can improve their overall cybersecurity posture by providing employees with training on best practices in cybersecurity hygiene and keeping them informed about current threats.

Many victim organizations lack up-to-date endpoint protection. However, ransomware attacks can be detected and blocked at the point of attack, especially by endpoint defenses that look at software behavior instead of signatures, known as Endpoint Detection and Response (EDR) solutions.

These advanced tools, which leverage automated behavioral analytics and capabilities, can ensure that malicious behavior is readily identified even when it is actively seeking to evade detection.

In addition, they can detect and defuse cyber threats in real time, using automated response and remediation procedures with customizable playbooks.

Inadequate security control configurations (excessive account privileges, inadequate monitoring, etc.) and a lack of network segmentation also allow ransomware to spread laterally within a network. So, implementing a Zero Trust architecture and access policies can help minimize the spread of malware within an infected network.

What can government authorities do?

Despite the availability of mature and viable commercial solutions and best practices to prevent, detect, and respond to ransomware attacks, ransomware prevention will never be foolproof even if organizations and individual users implement strong cybersecurity measures. The growth of ransomware reflects challenges that require government and, potentially, international cooperation.

Given the growing impact of ransomware on critical infrastructure and people’s daily lives, government authorities can decide whether to treat it as a high priority for law enforcement and intelligence collection.

They could consider mandatory breach reporting and mandatory ransomware payment disclosure requirements. Most experts agree that ransomware incidents are under-reported. Better data collection on the magnitude and rapidly changing characteristics of the ransomware problem is necessary to better understand and more effectively counter this growing epidemic.

For instance, in the Philippines, authorities have been actively monitoring and finding ways to eradicate cyber threats through programs handled by the DICT, the Philippine National Police Anti-Cybercrime Group (PNP-ACG), and other relevant government agencies. Authorities also collaborate with private organizations to help prevent these cyberattacks.

All sectors have an essential role to play in developing and implementing solutions against ransomware attacks. However, collaboration, particularly among private and government sectors, is crucial to creating a long-term solution.

The good news is that there is growing awareness of ransomware as a problem, and concerted efforts from all sectors, particularly the private and government sectors, are ongoing to address, if not stop, these attacks.
