Ransomware - Follow the Money

Ransomware is malicious software (malware) that prevents users from accessing computer files, systems, or networks until a ransom is paid. This is a growing problem for organizations globally. Whereas traditional cyberattacks disrupt operations or disclose information, ransomware has a financial impact that could cause corporations to lose millions of dollars. Companies concerned about data being exfiltrated to steal trade secrets now find access to their data being used to extort money. Paying a ransom is not recommended, but it happens. In April 2024, UnitedHealth paid hackers $22M and then spent nearly $600M on response and restoration activities.
Ransomware is a transnational threat that led to the formation of the Counter Ransomware Initiative (CRI). The CRI was initiated after the Colonial Pipeline ransomware attack in 2021, which highlighted the economic impact of cyberattacks. Colonial paid $4.4M, a fraction of the amount paid in the UnitedHealth attack.
There is no end to ransomware attacks because they are lucrative, with payouts increasing with each attack. The business model is driven by profitability, with different groups sharing in the spoils, as in the Hive operation in 2023. The operating model has advanced to the point where different teams gain access, conduct reconnaissance, deploy code, and exfiltrate data. Like well-run organizations, ransomware groups invest in research and development to improve technology and operations.
I am amazed at how much collaboration takes place among the hacking groups and lone wolves throughout the globe. Information is freely shared in electronic chat rooms and everyone is focused on continuous improvement. Meanwhile, federal, state, and local authorities operate in silos and are reluctant to share information.
There are actions that large and small organizations can take to stay ahead of the threat actors:
· Basic cyber hygiene is the easiest and best approach to minimizing the chance of a successful cyber-attack. Strong passwords, multi-factor authentication, and patching make it difficult for hackers to find a way into your system.
· Ensure you have a way to monitor your environment. If an IDS/IPS is not in your budget, review audit logs on a regular basis to identify suspicious activity.
· Maintain backups in a secure off-site storage facility. This minimizes the impact if you can't access data that has been encrypted by attackers.
· As discussed in a recent post by AMG’s cyber experts, Cyber Tabletop Exercises provide a simulated environment where organizations can assess and enhance their readiness.
· Finally, cyber-insurance can protect businesses against losses resulting from a cyber-attack.
There is an old saying that “crime doesn’t pay” because eventually criminals will get caught and spend time in jail, but as long as today’s cyber criminals can hide in the digital shadows and stay out of sight, they will continue to follow the money.