Prominent ransomware attacks may have catapulted cyber crime into the spot light, but contrary to popular belief, ransomware is not a new threat. We have seen the evolution of cyber crime year over year, and it’s now time for better security.
2021 Ransomware Evolution
Ransomware may have started in 1989, but the real boom didn’t start until 2011 when cyber criminals determined people were willing to pay to retrieve their data. As time progressed, cyber criminals advanced their methods by finding new ways to infect their victims and creating new forms of ransomware. This year is no different.
In 2021, we have seen cyber criminals move toward supply chain attacks, like what happened to Kaseya. This resulted in the world’s largest ransomware attack, impacting thousands of devices.
What’s a supply chain attack? It its most basic form, it’s an infection that works its way down the funnel of the chain. In Kaseya’s case, the infection wormed into the on-premise version of the software. From there, it spread to the managed service providers (MSPs) that were using the on-premise version. But it didn’t stop there. Managed service providers manage services, like IT services, for a variety of organizations. Once the MSP’s were infected, it went to their customers. The higher in the chain that is infected, the further the malware can be spread.
Avoiding Detection
It’s a consistent goal of the cyber criminal, to avoid detection. If their malware is found, they will not be profitable. Therefore, they continue to change their coding to avoid being had. In addition to changing the code, cyber criminals started using new coding languages.
Cyber gangs are also using a variety of platforms to distribute their cyber attacks, with the most recent being Discord. Discord is a messaging platform that individuals and businesses use. Because of the premise of the software — to communicate, share ideas, attachments, etc. it makes for a cyber criminals dream. Malicious attachments and links can be shared very easily, and users will likely not think twice about clicking on them. Please proceed with caution!
Better Security
With cyber crime continuing to evolve, it is important for users to stay vigilant. It is worth the time and financial investment to partake in cybersecurity training. By knowing how to stop the threats, individuals will be less likely to fall victim.
It is also imperative to use better security. Using a level of application whitelisting protection on all devices, will only allow tested and proven safe programs and applications to run.
Together, these two steps will reduce the threat exposure of the individual and/or business by a factor of ten.