Ransomware sneaks in with remote workers and cloud-based IT says CyberRisk Alliance survey

Remote workers and cloud-based technologies have become the dominant attack vectors for ransomware, which continues to grow at a “blistering pace”, according to a survey from CyberRisk Alliance (CRA).

More than 300 North American IT and cybersecurity decision-makers were polled.  Most, 62%, said they plan to increase spending on ransomware protection, as 43% admitted to at least one Ransomware attack within the past two years.

The top attack vectors were all from outside the organization, with 37% citing remote worker exploits as a key issue. An additional 35% said cloud infrastructure was to blame, and 32% reported security problems with cloud-based apps. 

Most organizations, 58%, paid the ransom demand, with 44% reporting a significant financial loss and 29% finding their data on the dark web.

“2021 gave witness to elevated levels of ransomware attacks, and there is no reason to believe 2022 will be different,” said Matt Alderman, EVP at CRA. “Cyber insurance is not the answer. On average, organizations will invest 4 – 5% more in 2022 to address ransomware in 2022.” 

Alderman warns that despite the higher vigilance and spending on cybersecurity, it will take companies many months to fully implement such measures, which means there will be lots of very vulnerable organizations until well into this year.

Also: Report: Ransomware attacks fall but new threats appear

The survey revealed two troubling issues: 37% reported they don’t have the budgets to deal with ransomware, while nearly one-third believe there is nothing to be done to stop ransomware attacks because they are too sophisticated. 

Ransomware attacks typically demand payment in a cryptocurrency such as Bitcoin, which the criminals then try to convert into fiat currencies. Although there are ways to hide the ownership of Bitcoins through the use of services called “Tumblers”, which mix up Bitcoins, the transparency of the blockchain technology means it is still possible to track down the bad actors despite such obfuscation measures. 

The Department of Justice recently traced and seized 94,000 Bitcoins that were from a ransomware exploit of Bitcoin exchange Bitfinex in 2016. 

Earlier this month, The FBI announced a new unit to deal with ransomware and other cybercrimes involving cryptocurrencies, called the Virtual Asset Exploitation Team (VAXU). 

The goal of VAXU is to combine the FBI’s cryptocurrency experts, its blockchain analysis tools, and virtual asset seizure capabilities into one group. There are more than 100 ransomware variants currently being tracked.

The FBI wants companies to report the ransomware attacks so that VAXU can trace the payments and prevent criminals from transforming their virtual currencies into real loot. Without a reliable business model, the FBI believes ransomware attacks will begin to fall in number rather than increase every year.