Ransomware attacks make up about a third of cyberattacks these days, targeting companies in a wide range of sectors. According to the Chief Information Security Officer (CISO) Report by Splunk, 96% of respondents fell victim to a ransomware attack in the past year, and 83% of them paid up. These attacks are costly and indiscriminate, targeting financial infrastructure, start-ups, and even children’s hospitals.
The core of a ransomware attack is simple: The hacker gains access to sensitive information through some form of compromised secret or credential (purchased from a data leak or gained through other cyberattacks like phishing) and then encrypts this sensitive information so the original owner can no longer access it. The hacker is essentially holding the use of this information hostage, asking for money or other compensation in exchange for its release.
The damage from ransomware attacks varies widely based on infrastructural weaknesses on the victim’s side. If the victim employs strong, consistent, and comprehensive security measures, the attacker may gain access to only a small portion of the overall platform, or only to a part of the platform that has a recently backed-up version, so that the damage incurred from not paying the ransom equates to just a few days or weeks of development progress.
Ransomware can also target critical infrastructure, like children’s hospitals (as told in this interview with ransomware negotiators) or repositories of sensitive personal health information (PHI) or financial data. The consequences of attacks on critical infrastructure are much higher, and the damage is often more than just financial.
In the wake of the attack, the hacker offers the key to decrypt the information they gained access to, for a price, of course. Just because the ransom is paid, though, doesn’t mean you’re in the clear: the decryption key isn’t always shared. The only proper way to ensure that data remains safe from ransomware is to avoid being attacked in the first place. Still, with the increasing prevalence of ransomware, it’s just as important to have a policy in place to respond to attacks if they do happen.
The ransomware threat landscape is constantly evolving. In many cases, the software used in these attacks is developed by a particular studio. It is then shipped out globally to individual agents to find and target companies independently. This studio is constantly developing new strategies to hold information ransom. Many of these groups are harbored overseas and are difficult to target, especially since the developers of the technology are different from the ones deploying it. The dispersion of the development and deployment of ransomware makes the threat landscape challenging to predict and navigate.
The damage of ransomware attacks extends beyond the information held for ransom. There are plenty of other associated costs. Data breaches call into question legal compliance with consumer protection acts like HIPAA, GDPR, or CCPA. Bearing legal responsibility adds further costs on top of platform damage and the ransom payment.
Reputation damage is also a costly factor, especially in a fast-paced, competitive digital market. Falling victim to a ransomware attack shows customers that their information is not secure when they do business with the platform and that they should seek out a qualified competitor.
The first step to avoiding ransomware attacks is to employ the right teams and equip them with the tools they need to keep your platform infrastructure and development pipeline safe and secure. The role of the Chief Information Security Officer (CISO) is changing as fast as the development of new cyber threats.
The two primary preparation vectors are consistent breach-prevention measures throughout the development pipeline, coupled with a strong response plan in the event of a ransomware attack:
Utilizing best practices in development and properly securing secrets in the cloud helps to prevent some of the human error in the development process that leads to these breaches in the first place. These steps include using secrets managers to monitor and audit secrets and credentials access.
This also means investing in developer security training, so DevOps knows potential attack surfaces and how to prevent future breaches. Keeping the whole team up-to-date is crucial since human error is the weakest link in cybersecurity.
The platform’s legal counsel should also be involved in the development pipeline to ensure that future platform features and procedures maintain legal security compliance, especially where sensitive information (like personal health or financial information) is concerned.
According to expert ransomware negotiators, self-negotiation with hackers is, at best, ineffective and more often leads to further damages and higher ransom costs since hackers have much more experience with ransomware negotiations than platform leadership does.
Not only can self-negotiation lead to higher ransom costs, but it can also lead to legal and financial hardship, as paying ransoms is a complex process. Financial institutions freeze assets if they detect large payments going to blacklisted countries, companies, or international banks, as these recipients are commonly associated with fraudulent activity. The legality of paying ransom is just as complicated.
It’s essential to have a plan in place in the event of a ransomware attack. Professional ransomware consultants and negotiators can help prepare your CISO with the information they need to legally enter into this negotiation process and not cause further damages associated with self-negotiation, frozen assets, or illegal ransom payments. Don’t hamstring your response by being unprepared.
Lastly, your team should learn from the attack. Secrets managers with comprehensive audit logs can help retroactively discover what vulnerability was used to get into the system in the first place.
The CISO role has changed dramatically in the last few years and will continue to evolve with the growth of both malicious and protective AI tools. Information security is worth the investment. Security training, software, tools, and more can help protect your business from being an easy target.
Ensure your team is equipped with the right secrets manager to minimize the attack surface for ransomware hackers and to track and remedy breaches as quickly as possible. Try out a demo or check out our docs to learn more about how Doppler differs from other Secrets Managers!