Facing Off with the Ransomware Conundrum
In the wake of the recent LockBit ransomware attempt on Accenture, it seems it is a matter of “when” rather than “if” cyberattacks might darken an organization’s door.
Word spread earlier this month of an attempt Requests for further elaboration from Accenture on the LockBit incident have yet to be answered.
In this instance, the ransomware attack appears to have been neutered “What we’ve seen is an increasing theme of attacks going towards larger, enterprise organizations,” says Simon Jelley, a general manager with Veritas, a provider of enterprise data protection. He says it was fairly common 18 months ago for smaller organizations and the public sector, such as education and government agencies, to be targets of ransomware attacks rather than enterprises.
Ransomware attacks, he says, now seem to have graduated to targeting large companies that have deeper pockets and with a potential for more data at risk possibly. Citing reports on the LockBit attack, Jelley says Accenture seems to have been aware of the possibility for such attacks and recovered in somewhat shorter order.
Furthermore, Accenture released a report at the top of the month about the “Triple digit increase in cyberattacks” — without any mention of LockBit or the firm’s own experience with ransomware attempts.
Jelley says ransomware attackers, much like other cybercriminals, continue to become more sophisticated in their attempts to breach security. For example, the supply chain attack on SolarWinds began months in advance as the attackers played a “long game” to distribute the Sunburst malware. Naturally, this means organizations must respond Some commonalities remain in cyberattacks even as they become more sophisticated, Jelley says. For instance, attackers are likely to target weaker layers of infrastructure such as phishing attempts meant to dupe employees. Ransomware and other types of attacks continue to get better at mimicking corporate emails or social media links, he says. “LockBit looked like a legitimate kind of reference to customers and their employees, which gave them access to the targeted networks.”
What stood out to Jelley about the LockBit attack was it represented a mercenary shift in how malicious cyber activity can play out. The minds behind the LockBit ransomware seemed to lease that code to third parties, he says, who then put it to work. “They’re offering the services they developed and hiring out their expertise to figure out the quickest way to gain access to a company or corporate network,” Jelley says. “That’s been a definite shift. It’s kind of like a two-tier supply market in terms of how ransomware is developing.”
Though Accenture seems to have rolled the LockBit attempt off its back, ransomware remains part of the threat landscape, Jelley says. “Software is always playing catch up to who’s the next smartest hacker that tries to break into infrastructure.” Even if a company can recover data from backups, the risk persists of a hacker publishing potentially sensitive data, he says.
“Organizations should see themselves as potential targets,” Jelley says. The continuous improvement of security software may be an important step for organizations, he says, though that might not be enough to defend and minimize the effect of ransomware. “Test your recovery so you know you can get your data back and ultimately don’t have to pay that ransom.” Jelley says.
Related Content:
Cloud Cybersecurity: The Power of One
SolarWinds CEO Talks Securing IT in the Wake of Sunburst
What You Need to Know About Ransomware Insurance