LoginID’s FIDO2 Passwordless Authentication Tools are Free for Startups and Small Businesses. Get started HERE.
Trends in Ransomware and How to Prevent It
Ransomware attacks have exploded in the 2021 and not only are they damaging companies but these attacks are also a threat to national security. The threat of ransomware is not going away and is in fact increasing as personal and financial data continue to be targeted by bad actors. The ROI of these attacks is simply too great for hackers to ignore especially given that the security measures employed are often out of date and easily exploited.
What is a Ransomware Attack?
A ransomware attack occurs when a business or individual inadvertently downloads a piece of malware into their system which then hijacks their ability to access certain critical data or systems necessary for operations. The creator of the ransomware then tries to extort a ransom from the business or individual in order to regain access to the system or the critical data.
Traditional ransomware would simply lock businesses out of their systems until they paid, however a skilled programmer would still be able to unlock the system without having to pay up. Unfortunately, more advanced ransomware techniques have been developed in which the business’ data is encrypted and cannot be unlocked without paying the hacker for the encryption key.
How do Ransomware Attacks Happen?
One of the most common methods ransomware attackers employ is a simple phishing attack. Bad actors will send emails to company employees or anyone with access to internal systems with innocuous looking links that then prompt the user to enter personal information like username and passwords.
Once the hacker has this information they can then gain access to the system, install their malware, encrypt the company’s data, and extort the company for hundreds to millions of dollars, depending on the size of the company. This highlights the need for phishing prevention and real time fraud prevention measures like integrating biometric authentication into systems to eliminate passwords.
Other forms of ransomware like Petya and Notpetya can infect a machine through a security hole without needing to phish for login credentials from employees. The malware arrives in a file, sometimes disguised as a job applicant's resume, that is then opened and downloaded to the machine where it infects the hard drive. The ransomware then requests a bitcoin payment be sent in order to unencrypt the hard drive.
Attacks and Damages are on the Rise
In October 2021 the Financial Crimes Enforcement Network (FinCEN) released a report that ransomware related transactions were nearly $600M for the first half of 2021. That is a 40% increase from 2020 and more than 4 times the amount reported in 2019.
This is highly likely only the tip of the iceberg and a massive under-reporting as many companies are reluctant to report ransomware payments for fear of reputational damage. In the same report, investigators from the Treasury department flagged $5.2 billion in crypto transactions as being ransomware related.
Who is Being Targeted by Ransomware?
Small businesses have been the target of ransomware for years now. They tend to have less robust security features and training for employees than their larger counterparts that make them more vulnerable to attacks.
However, the smaller the business, the lower the ransom payment a bad actor can extract from them. More recently we have seen ransomware attacks targeting large companies, interstate infrastructure, schools, and the health care sector.
In May of 2021 hackers targeted the Colonial Gas Pipeline shutting down operations and cutting off a key source of energy for the US East Coast. This is an indication that ransomware attacks are getting bolder and pose a risk to national security. If a ransomware hacker were able to shut down the power grid, there is no telling how much damage both financially and physically would occur.
Healthcare providers and hospitals have also become targets for attacks. In July 2019, The Springfield Medical Center in Alabama was experiencing computer outages caused by a ransomware attack for over a week. Tragically, the lack of access to computer systems, patient records, and machines that monitor heartbeats lead to the death of a newborn baby. This highlights the human cost such attacks can have.
Governments are Taking Action
The growing threat and rising profile of these attacks has roused governments internationally to address the ransomware problem. The US convened an international summit to address the ransomware threat in Oct 2021, inviting the international community to address issues like cybersecurity and the use of cryptocurrency to facilitate ransom payments.
In the first instance of its kind, the US announced that it has sanctioned the crypto exchange, Suex, for facilitating ransom payments and laundering money. The Treasury stated that nearly 40% of transactions on this exchange were associated with illicit activity and traced transactions involved in at least eight different ransomware schemes. This is a clear first step in showing that ransomware attacks are being taken seriously and that the US government will take action to prevent it.
40% of transactions on this exchange were associated with illicit activity and traced transactions involved in at least eight different ransomware schemes. This is a clear first step in showing that ransomware attacks are being taken seriously and that the US government will take action to prevent it.
The US Treasury has also issued guidance that private firms who facilitate ransomware payments will be held accountable and could face similar sanctions to that Suex faced. This provides clear guidance and a stern warning to the crypto industry that they need to have compliance systems in place to ensure transactions by bad actors are not being processed.
Complying with the New Ransomware Guidelines
Crypto exchanges and digital wallets are now behind the eight ball to ensure that they are complying with these guidelines or they will have to face serious consequences. One measure exchanges could take would be to integrate an eKYC portal into their digital onboarding process to ensure customers are who they say they are via digital identity verification.
An additional measure that exchanges and wallets could take would be to add a biometric digital signature requirement to complete a transaction. Users would be prompted to provide biometric authentication which then cryptographically signs the transaction and creates a digital receipt, ensuring that the transacting party is the owner of the crypto being sent.
How to Prevent Ransomware Attacks
Keeping all operating systems up to date with latest patches and anti-malware software, eliminating weak and phishing prone security measures like passwords, and ongoing education for all employees and anyone with system access are all critical steps for ransomware prevention.
When it comes to phishing prevention and eliminating the risk posed by passwords, LoginID offers a FIDO2-certified passwordless authentication solution that can help mitigate the risk. Utilizing the biometrics native to the end user’s device, a private key public key pair is created that links the device with the user at registration. To login and authenticate going forward, the user needs to simply swipe their finger or scan their face.
