To better thwart ransomware attacks, startups must get cybersecurity basics right • TechCrunch

The Department of Justice (DOJ) famously declared 2021 as the “worst year” for ransomware attacks, but it seems that title could be in 2022’s hands very soon.

Despite some rare wins in the war against hackers over the past 12 months — from the government’s seizure of $2.3 million in bitcoin paid out to the Colonial Pipeline hackers, to its successful disruption of the notorious REvil gang — the ransomware threat continues to grow. Over the past few months alone, we’ve seen threat actors ramping up attacks against public sector organizations, including hospitals, schools, and in the case of Costa Rica, entire governments. The private sector is also battling a worsening ransomware threat, with attackers claiming a number of high-profile victims such as AMD, Foxconn and Nvidia.

Founders of early stage startups will undoubtedly find it concerning to see even well-known organizations failing to protect themselves from ransomware despite their seemingly endless resources, particularly as it’s unclear exactly where these companies went wrong.

“It could be a zero-day or it could be a failure to implement multi-factor authentication (MFA) or an MFA bypass,” said Brett Callow, threat analyst at Emsisoft, during a panel discussion on the TechCrunch+ stage at Disrupt 2022. “There’s no standard answer, and that is what makes this problem so difficult to deal with.”