In a world where online presence is necessary, ransomware remains a breathing operative to question its core. Only the most potent ransomware went through organizations radar in the past few years. But the smaller ones were also present to individuals and smaller companies.
The current ransomware situation doesn’t bring up the question of when, not if! Because it doesn’t matter how assured you are of the situation, make sure to take necessary precautions such as backing up essential data, encrypting customer information and the ability to restore in minutes notice.
Year received major headlines in ransomware attacks. Due to the suffocation of coronavirus and workplace moving online, the attack percentage took a considerable gain. Private organizations, individuals, supply chains, logistics and even government agencies failed to tackle the issue.
Recently, a Remote Code Execution (RCE) vulnerability was reported for the Apache logging package, popularly known as the Apache Log4j vulnerability, shaking the ground on ransomware attacks. It was first reported on December 9, 2021.
Within December 10, more than 3.7 million hacking attempts were reported on the exploit. Leading cybersecurity research firm Checkpoint reported that 46 per cent of these are from known malicious groups. The Log4j is a known project openly found on GitHub with over 400,000 downloads. The project showcased vulnerability execution but was used massively by malicious attackers.
Meanwhile, experts raised concerns that 2022 will receive more ransomware attacks than its successive year 2021. A careful venture in an online portfolio benefits the cause, but the fact remains. Vulnerability can come from any point, no matter how secure you are. It can get through any company computer and easily infect neighbouring connections.
CNN recently reported ‘Lock it down and piss people off,’ which reminds us how bad the situation is. A Florida hospital could become its next latest victim. Still, the quick actions of the hospital IT director stopped it at the doorstep. The 100-bed hospital received an emergency call to connect the charting system with medical histories. Doctors use that charted system to check patients’ medical history.
IT director Jamie Hussey realized why integration would be necessary as an outside vendor maintains it. He quickly turned down the system and later found out the emergency protocol was compromised, thus saving the hospital from a state-of-the-art ransomware attack.
On the flip side of the business, organizations and companies must prepare to go an extensive mile for protecting valuable information. Cyber attacks are consequent, and there is no surety from which side they may occur. It may come from a trusted source, a minor partner or a large one. Whether the source, it should be appropriately verified and monetarized.
There is good news among these; across the board, cybersecurity preparation, adaption and integration are levelling up gradually. Even the most minor position in the company regarding computing is given basic cybersecurity training. The wave of technical formality increases in the big picture, hence proving the point.
Gartner’s Digital Workplace Security team’s director Mark Harris talked about the WannaCry ransomware threat, causing devastating damage across organizations three-four years back. He said, ‘certainly for the larger organizations; they are prepared – they are getting better.’
Chief Information Security Officer’s (CISOs) today put reputation on the line rather than keeping things to the norm with experience. When reputation matters, you won’t hesitate to go the extra mile, which is a good thing.
Yet many people do not grasp the full gravity of ransomware incidents and suffer through consequences.
PwC reported that over 60 per cent of tech executives expect the number of ransomware incidents to grow in 2022. The US Treasury’s Financial Crimes Enforcement Network (FinCEN) report said that within 2021’s first half, over $600 million of ransomware money was paid.