Ransomware attacks remain among the most dangerous threats to organizations today, according to cybersecurity leader Fortinet. The FortiGuard Labs Global Threat Landscape Report revealed that organizations faced a sevenfold increase in ransomware attacks during the second half of last year, as the shift to remote work and education and the rise in supply chain integration created added vulnerabilities.
In Q2 2021, the common trojans and botnets in Hong Kong were the usual suspects that have been around for many years. JS/Cryxos.1952!tr trojan (first found in 2019), Mirai Botnet (first found in 2016) and Gh0st Rat Botnet (first found in 2014) topped the list of virus and botnet detections.
On average, there were more than 750,000 ransomware attacks on organizations in Hong Kong every month, from April to June 2021, with REvil and TrickBot being the most frequently found ransomware.
The emergence of ransomware as a threat
Ransomware is a type of malware designed to encrypt files or restrict system access until a ransom is paid. Attackers may also threaten to release sensitive data publicly. Ransomware threats grew in the last decade with the emergence of ransomware-as-a-service (RaaS).
Today, many bad actors operate as large, distributed businesses, complete with call centres to handle ransom payments. They may target large corporations, high-profile individuals, and critical infrastructure to get the best payouts.
Ransomware makes its way onto devices and networks through infected emails, websites or programs.
FortiGuard Labs’ threat researchers documented a significant trend away from ransomware attacks targeting enterprise devices to ones targeting consumer-grade appliances when organizations began transitioning to a work-from-home (WFH) connection strategy, especially after the COVID-19 outbreak.
The pandemic has accelerated the shift to WFH and remote working, which offers new entry points for ransomware hackers to gain access to corporate networks. Every device that employees use to connect to corporate networks represents a potential risk that cybercriminals can exploit. One of the challenges of relying on decades-old remote desktop technology is that it does not provide any native inspection of the data sent through those connections, nor does it authenticate the users, devices, or applications flowing through it.
“The threat attack surface expanded as more companies required employees to work from home during the pandemic. An automated security fabric platform has become essential for organizations with increasingly complex network environments and a dramatically increasing number of endpoints,” said Cherry Fung, Fortinet’s regional director for Hong Kong, Macau and Mongolia.
“The platform minimizes risk by providing broad visibility and control over the entire potential digital attack surface. Using machine learning, the platform is automated to identify new cyber threats and enable speedy prevention, detection and responses.”
Protect against ransomware
To defend against today's growing and evolving ransomware threat, a broad security strategy applying people, processes, and security controls at each stage of the kill chain is recommended. Organizations in Hong Kong could further secure home offices and remote connections with the right tools from a reputable partner.
Other ransomware countermeasures could include regular backups of critical systems and off-network backup storage. Organizations need to have a ransomware attack response strategy and team in place, regularly run recovery simulations, and build chains of command with distributed authority so critical decisions are made as close to the cyber event as possible. Augmenting threat detection and response systems with artificial intelligence and automation will enable threats to be identified, investigated, and stopped at speed.
Organizations should also move away from a point defence approach to a more comprehensive risk-management framework.