Combating extortionware in 2021: A rising attack method for the modern day hacker

In early 2020, the COVID-19 pandemic took the world by storm. Just as quickly as the virus began to spread, organizations were forced to act and adapt to a new style of work. As companies rapidly moved to the cloud to support a digital workforce, they were tasked with securing remote workloads, deploying new tools across global teams within days or weeks, and simultaneously ensuring the data is protected from a variety of threats. Unfortunately, this was unchartered territory for many businesses. Cybercriminals took notice and an unprecedented amount of cyberattacks followed shortly after.

As the headlines showed, ransomware continued to be the weapon of choice in 2020, and extortionware is on the rise. While ransomware has become a tried and true method at this point, extortionware tactics are raising the stakes by threatening to expose sensitive information if the ransom is not paid. Arguably, The Maze Ransomware Group became the most notorious cybercriminal group for using extortion type methods in 2020. If companies refused to pay Maze’s ransom fees, these hackers expose their data online through continuous data leaks that make it next to impossible to know when they would stop. Therefore a significant concern has to be the monitoring of exfiltration of data.

Given how lucrative extortionware can be for hackers, it will continue to grow as a favored attack method. However, there are steps that organizations can take to ensure their data is air-gapped and protected from such malicious threats. To ensure cyber resiliency, organizations must implement a holistic security strategy that incorporates both protection and recovery. This includes deploying protective measures that can keep threats out and empowering resilience to minimize downtime when (not if) a ransomware attack happens.

End-user data, NAS systems, file shares, virtual machines and SaaS applications including Microsoft 365 and any large data set is particularly vulnerable to ransomware and extortionware attacks. Given today’s remote working environment, there is more data being saved on more devices for an extended period of time, expanding the potential threat surface. It’s important to regularly clean up these file stores, and instead backup such data, and then restore temporarily if and when needed in the future.

Such a strong data management approach, coupled with a robust protection architecture that includes reliable backup and disaster recovery, helps ensure these applications remain protected and easily recovered. In addition, organizations must frequently test their data recovery and backup solutions to ensure optimal success in the event of a cyber incident. This final step of testing is often where organizations fail to ensure these solutions work as prescribed.

Organizations should think proactively and be aware of the penalties for not taking preventive action. The reality is that almost every organization will be the target of a cyberattack at some point, so being prepared ahead of time with a line of defense and recovery strategy is the only way to stay ahead of hackers in 2021.

When it comes to today’s threats, the Treasury Department can only do so much. Even if they manage to clamp down on this anymore than security leaders already have, the unfortunate truth is: where there’s a will, there’s a way. While it may be true there will be plenty more cyberattacks, such as extortionware, in our future, organizations that prioritize data protection and recovery will be able to weather the ransomware storm in 2021.

Drew Daniels is CIO and CISO for Druva.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.