Ransomware is getting sneakier, more brazen and easier to proliferate. Small and mid-sized enterprises may think they’re off the hook, but the tides have changed. Recent trends show that ‘small businesses are the new enterprise’ of ransomware, with cyber gangs switching from big-game targets like Colonial Pipeline to smaller, less organized institutions that are easier to breach. Here are the trends to follow, the syndicates to watch, the reasons why no small business can afford to have a “small business mentality” when it comes to defending against ransomware threats, and what you can do to defend like an enterprise.
What’s new, Ransomware?
If you haven’t been keeping up, here are some popular ransomware trends of 2022 and the past year. While the tactics are still effective, the overarching direction is from complicated to mass-producible, from one-offs to repeat victims. In other words, cybercriminals are trying to leverage previous work to do more damage with less – and it’s working. Can your SME keep up?
1. Ransomware as a Service (RaaS). RaaS is the act of taking a piece of ransomware code and mass distributing it on a pay-as-you-go basis so those with low skill levels can still implement a successful attack. Darn that aaS economy. The sword cuts both ways, and as enterprises are scaling up efficiencies, so are bad actors. Some intimidating ransomware gangs are nothing more than RaaS proliferators, intimidating hospitals and demanding payment from ransomware they didn’t create. But hey, the cyber talent shortage must be hard on everyone. Groups using RaaS methods include BlackCat, Sugar, REvil (before it was shut down), DarkSide, the guys behind Colonial Pipeline (well, sort of behind it), and to some extent PryntStealer, a Malware as a Service (MaaS) user.
2. Double extortion (and beyond). Now there’s double, triple, even quadruple extortion – when a cyber gang will reach out to third parties affected in the initial attack and demand payment from them, too. Typically, a ransomware attack will exfiltrate sensitive data, encrypt it, then demand payment to deliver the decryption key and get it back. Double extortion takes the extra step of saving some of that data before it’s encrypted and threatening to leak it if the ransom isn’t paid. Triple extortion goes the extra mile of calling the owners of said compromised data and demanding individual ransom payments from them, too. For example, a medical building gets hacked and attackers call the patients, demanding lump sums to not release their private medical records to the public.
3. Double dipping. Often, a ransomware gang will go back and target the same poor company they targeted the last time to get out of doing more work. In other words, they’ll launch the attack again, exfiltrate, encrypt and drop a ransom note – twice. The upside for the attackers? Besides saving time and effort, the chances are high that a company that paid the ransom once will pay it again. That’s why the FBI advocates not paying.
4. DDoS attack add-ons. This tactic is sneaky, and it is used in two ways. REvil offers it as a service add-on to a double extortion scheme (how nice), in which it will launch a Denial of Service attack (often accompanied by harassing phone calls) on a company that refuses to pay. Or, it could be used as a smoke-screen maneuver; while the IT guys are busy trying to beat down the DDoS attack, a piece of malware will sneak through elsewhere on the network undetected. Told you it’s sneaky.
5. These gangs. Be on the alert for these active ransomware gangs in 2022. From breaching schools to targeting the San Francisco 49ers, they’ve done their share of damage. The list includes: Vice Society, BlackByte, HelloKitty, Stormous, Night Sky, Zeon, Pandora, Maze, and of course, quantum ransomware threats.
With so many sharks swimming around, it’s important to have a shark-proof cage. However, due to a lack of resources, many small businesses don’t. And, bad actors don’t care.
Ransomware Doesn’t Pull Punches for SMEs
Ransomware gangs will use the same methods to attack a smaller company that they use to attack a larger one. The only difference is one may be a lot less prepared. Because SMEs don’t typically have the structure, staff or tooling to fend off tomorrow’s latest cyberattacks, they can’t afford to have any blood in the water. However, that doesn’t have to be the case for your SME. We’ll show you the risks, the resources, and what you can do to stay ahead of the ransomware hit list.
We’re living in what’s been called the “golden age of ransomware” and the tables are turning on small businesses. No longer under the radar, one editorial points out, “Criminals know that small firms have weak or non-existent cybersecurity systems. As a result, they target them in large numbers, sending out repeated phishing attempts in the hopes of capturing a few victims in their automated nets.” It’s all hands on deck, because an attack on one small business reinforces the narrative that small businesses are as easy a target as attackers think they are. With small businesses representing over half of all ransomware attacks, SMEs can no longer afford to be the weakest link.
You should be especially careful if you’re a small business in the following industries: healthcare, state and local entities, K-12 schools, manufacturing, finance, or in the supply chain for any sector of critical national infrastructure (like small municipal water plants). Ransomware gangs will target you for the high-value impact and the fact that you’re usually stretched in funding, understaffed and overworked.
However, there is a way SMEs can leverage the resources they have. They may not be able to spend millions of dollars on cybersecurity analysts that stay ahead of every ransomware and nation-state threat (MITRE ATT&CK), build out policies, standards and frameworks against those specific threats (NIST) and make sure they are strong enough to protect critical national infrastructure like the nation’s water supply and power grid (CISA) – but the government does. Use those standards. Use those resources. Millions of dollars have been poured into research and development of those frameworks, and they leverage the most advanced, state-of-the-industry cybersecurity methods to enable Critical National Infrastructure (CNI) sectors like nuclear power and healthcare to stay ahead of the most lethal ransomware threats facing the country’s resources. They could definitely protect yours (and then some).
So why don’t more SMEs adopt them? Because it’s confusing, and most small businesses lack the manpower or cyber expertise to run basic pen tests on a regular basis and keep up with the thousands of security alerts from their existing tooling, much less invest in the latest technology to do more. Keeping up with these standards requires you to build out an enterprise-wide security posture that can defend in the cloud, assimilate on-prem, Kubernetes and other resources, and stay compliant with the standards laid out by CISA, NIST and federal law – which, by the way, are updated regularly. It’s a Goliath task.
David and Goliath: Port53 Helps SMEs do Cybersecurity like an Enterprise
That’s where we can help. In fact, that’s what Port53 is made for. We help you catch up. We scale up your SME cybersecurity posture to enterprise level, so you’ve got the same fighting chance as the big guys.
Ransomware actors are picking on small businesses because they assume they don’t have the resources to keep up, and for the most part they’re right. Port53 helps change the narrative and gives you a chance to scale up to the same level of cybersecurity as defense contractors and sectors of critical national infrastructure – not to mention large-scale corporations with industry-advanced technology.
This is how we do it. We’ll take your pulse with our security audit, find out where your baselines are, then map a trajectory based on your organization’s goals and industry standards. We’ll advise you on any tooling gaps, or use our SOC-as-a-Service to complete your cybersecurity strategy. Lean on Port53 to leverage whatever resources your SME currently has and bring them up to speed with where they should be – enterprise level.
Ransomware actors don’t care how underprepared you are – they’ll attack you with the same sophisticated ransomware technology they use to attack the big guys, do enough damage, and demand enough ransom that the FBI and CISA need to get involved (remember that hospital incident with Hive?).
So if you’re going to get hit like an enterprise, you’ve got to defend like one. Use Port53’s managed security service offerings to bring your SME security posture up to speed with the ransomware threats it will really be facing, and get the same cybersecurity defense as the big guys.