The Evolving Threat of Ransomware Attacks
It’s false that most victims of ransomware pay a ransom to access their data and then get the decryption keys and recover, Payton said. It used to be “fairly true,” but now sometimes the keys that are provided are false keys that do not work.
Ransomware has been outsourced in many ways to criminal syndicates, and sometimes “junior varsity” attackers without enough expertise are involved, Payton said. “A lot of it is outsourced now,” she said. “They kind of want to give you the right keys, but they’ve lost track and they’re not very organized, and it’s gotten kind of bigger than they can handle, the ransomware incidents. So, they can’t figure out which keys to give you.”
Payton added: “There’s not really a help desk in between the cybercriminal syndicates that are actually conducting the ransomware against you.”
Payton predicted that in 2021, “ransomware will go all-in on the cloud.”
“Besides ransomware, ‘extortionware’ and ‘destructionware’ will, sadly, become household words,” she said. “As ransomware continues to evolve, we’ve seen situations where the ransomware happens and basically they say, ‘We actually have your data and we’re going to start dumping it on the internet in three hours if you don’t pay us.’ Or, they actually show you, they’re deleting your data a little bit at a time to try and get you to pay versus having you try to go to the backup route.”
Ransomware will “successfully hit a cloud services provider that houses organizations’ systems. They’re going to lock both the backup and the operations, making it very hard not to pay the ransom,” Payton predicted.
To guard against such attacks, Payton recommends that organizations have more than one cloud services provider to ensure “operational resiliency.” She also recommends IT leaders “think about storing an extra copy of your backups and your access logs offline and out of band.”
Agencies can also practice a ransomware response playbook, along with learning about the new forms of ransomware that delete data, Payton said. IT leaders need to think through when they might pay and when they might not — and must ensure that government lawyers are involved.
Increasingly, she said, cybersecurity insurance firms are also deciding it might be cheaper for organizations to pay ransoms than to pay for the service disruptions, the restoration of backups and the forensics of an attack. “Yikes,” Payton said. “Make sure you’re really on the same page with your insurance company as well.”
5G Networks Could Pose a Threat to Cities
Yet Payton predicted that 5G “will actually accelerate cybercrime.”
Payton argued that the world needs 5G, but security issues around the network that are not resolved soon are going to “allow cybercriminals to launch massive attacks at a speed and scale we’ve never seen before.”
As cybersecurity firm Bluefin notes, 5G is more secure than older wireless networks because 5G networks encrypt more data, are more software-based and can be more easily monitored and managed. Network slicing technology, meanwhile, enables specific devices to have network-specific protections.
“In other ways, it’s less secure,” Bluefin notes in a blog post. “Because of the potential to connect to more devices, there is a larger attack surface. With the increase in connectivity, there will also be a need to authenticate a larger number of devices.”
Payton said she thinks a smart city running on 5G “is going to be held hostage by a cyberattack.” To guard against that, she said, cities should think about specific geographic locations where 5G networks and devices operate and talk to 5G service providers “about backup options and services if there is a cyberattack specifically against the 5G.”