Ransomware attacks are a growing and highly disruptive online security threat that has gained significant attention in recent years. These malicious attacks involve the encryption, or “locking,” of valuable digital data by a ransomware ‘attacker’ or ‘gang’ who demands a sum of money to ‘unlock’ the data. Although attacks have mainly targeted individuals and companies, they have also extended into the critical infrastructure domain with alarming results. In this article, we’ll explore the growing threat of ransomware attacks, assess their damage with a focus on high-profile incidents and impact on critical infrastructure, and discuss preventive measures for defending against attacks in the future.
The Growing Threat of Ransomware Attacks
The rise of the ransomware attack has been significant in recent years. In their 2020 – 2021 threat report (https://www.mcafee.com/enterprise/en-gb/assets/reports/rp-quarterly-threat-q4-2020.pdf), cybersecurity experts McAfee report that ransomware and ransomware gangs were one of the greatest identifiable security threats of the last year. This applied to both commercial and individual users. As noted, ransomware gangs have often targeted individuals, but companies are also at risk. For example, in 2019, California-based Calexico Medical Center (https://www.statnews.com/2019/01/22/ransomware-attack-calexico-hospital/) was the victim of a ransomware attack which forced the hospital to pay $400,000 to the attackers for the decryption key.
In 2023, ransomware attacks are expected to continue to rise, due to the increased sophistication of ransomware campaigns and the rapid increase in adoption of cloud and mobile technology (https://www.cnbc.com/2020/12/03/19-ransomware-incidents-each-month-in-2020.html). Cyber criminals are exploring and exploiting these new technologies, as well as the development of novel malware-as-a-service approaches that allow the sale and distribution of ransomware. As such, it is more important now than ever for both individuals and companies to take the appropriate steps to protect their information and networks. Organizations should ensure reasonable security measures are in place in order to mitigate the risk of a successful attack. These measures can include training personnel, maintaining a secure system and regularly backing up data. Individuals should also practice good cyber hygiene and avoid clicking on suspicious links or downloading unexpected attachments.
Assessing the Damage: High Profile Incidents, Critical Infrastructure Impact
Ransomware attacks have not only been damaging to companies and businesses, but have also had an impact on critical infrastructure in various regions. In 2020, the US Cybersecurity and Infrastructure Security Agency (https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-040a) identified ransomware attacks on critical sectors such as healthcare and public utilities. Additionally, ransomware protection firm Malwarebytes has reported an increase in the use of both ransomware and data extortion from companies across Europe and the US. This relatively high rate of ransomware attacks has prompted the World Health Organisation (WHO) to remind members of their organization to act swiftly and take preventive measures when it comes to protecting against ransomware attacks (https://www.who.int/news-room/detail/08-09-2019-protecting-health-data-from-ransomware-cyber-attacks).
In 2021, the FBI reported 649 incidents of ransomware attacks on critical infrastructure organizations (https://www.securityweek.com/fbi-649-ransomware-attacks-reported-critical-infrastructure-organizations-2021/). As reported by the FBI, these ransomware attacks caused significant disruption to essential services in the healthcare and public sector. This included 210 ransomware-related attacks reported throughout 2022 (https://www.cybersecuritydive.com/news/ransomware-critical-infrastructure-2022/645068/). As of 2023, the threat of ransomware attacks on critical infrastructure remains an enduring issue and security organizations continue to advise caution when it comes to defending against ransomware. A notable example from 2023 is the US Department of Justice’s charging of a Russian national who was allegedly responsible for ransomware attacks against critical infrastructure (https://www.justice.gov/opa/pr/russian-national-charged-ransomware-attacks-against-critical-infrastructure). As the sophistication of ransomware attacks continues to grow, critical infrastructure organizations should remain vigilant and take the necessary security measures to protect their data and networks against attacks.
Defending the Future: Preventive Measures to Combat Ransomware Attacks
To adequately defend against the threat of ransomware attacks, it is important to properly implement preventive measures. They include:
- Regular cybersecurity audits: Utilizing automated third-party services for secure monitoring, testing, and reporting of existing systems can ensure vulnerable areas are identified and properly addressed.
- Access control: As many ransomware attacks target remote and uncontrolled access, ensuring that all users and systems are registered and that access is properly monitored helps defend against such attacks.
- Backup as prevention: Having regular backups of all systems and data in place is crucially important: should an attack occur, organizations would be able to access and restore any affected systems and data in a timely manner.
- Advanced threat detection: Utilizing AI-enabled threat detection and response systems can help detect malicious activity before it can cause damage.
- User training: Awareness training for users is another effective preventive measure, as it ensures users understand the threats posed by ransomware and how to adequately protect against them. Besides user training, testing should also be in place, such as pen tests that review cyber-security capabilities from an attacker’s perspective.
Furthermore, as outlined by Tripwire (https://www.tripwire.com/state-of-security/22-ransomware-prevention-tips) and Trend Micro (https://www.trendmicro.com/en_us/what-is/ransomware/how-to-prevent.html), additional preventive measures for ransomware include segmenting networks, applying patches, and tracking behavior. As mentioned by the NCSC (https://www.ncsc.gov.uk/guidance/mitigating-malware-and-ransomware-attacks), an effective defense-in-depth strategy should also be implemented that consists of measures for protection, detection, response, and recovery. These measures, when implemented together, can dramatically improve the security abilities of any organization and help them adequately defend against ransomware attacks in the future.
Ransomware attacks have been a growing and increasingly disruptive and destructive threat in recent years. Without proper protective measures in place, these attacks can cause significant damage to both businesses and critical infrastructure. Fortunately, by following a few simple preventive steps, such as regularly testing systems, monitoring access, backing up data, and utilizing advanced threat detection, organizations can greatly reduce the chances of a ransomware attack occurring.