The Rise of Nation-State-Sponsored Ransomware and How Businesses Can Protect Themselves

August 14, 2017 by Michael Bruemmer

As if ransomware attacks weren’t diabolical enough, a new wrinkle may be emerging — hiding something even worse behind the ransomware assault.

The recent Petya and WannaCry incidents, which affected hundreds of thousands of people plugged into networks in more than 150 countries, are examples of the latest trend in ransomware. Many cybersecurity watchers believe both viruses were intended to conceal state-sponsored attacks with darker objectives beyond the monetary gain that is typically the aim of a ransomware attack. In fact, security software giant Kaspersky has said they believe Petya is actually a “wiper” — malware designed to destroy and damage systems and data — masquerading as ransomware. The malware can’t be unlocked, even if the victim pays a ransom, Kaspersky says.

Ransomware as easy camouflage

Any nation seeking to conceal its cyber espionage would find ransomware a handy and easy-to-use camouflage. As cyberattacks go, ransomware is easy to implement and conceal. What’s more, concealing darker activities as “mere” ransomware allows perpetrators to “control the (media) narrative of the attack,” Matt Suiche, co-founder of cybersecurity firm Comae, blogs.

We know cyberthreats of all types, including ransomware, continue to evolve rapidly. While it’s impossible to know if there is a direct correlation between the rise in ransomware attacks and known attacks by nation-states, we’re seeing a clear increase in both. Companies should stay alert to the ever-changing ransomware landscape, and stay mindful of key factors, including:

  • In the first eight months of this year, the largest ransomware attack in history, WannaCry, occurred. It affected more than 300,000 computers in 150 countries, including systems of the UK’s National Health Service, American hospitals, FedEx, Nissan plants, universities in China, and banks and telecom providers in Russia. Petya soon followed, spreading across Europe, the Middle East and the United States, and affecting businesses, government agencies and infrastructure.
  • Ransomware attacks were 35 percent higher in the first quarter of 2017 than over the same period in 2016, according to Beazley’s April Breach Insights. What’s more, Kaspersky reports mobile ransomware more than tripled in the first quarter.
  • While ransomware motivations are evolving beyond monetary gain, the effects of the attack can be devastating for companies, regardless of the reasons behind it.

What businesses can do

Businesses are not powerless. They can take action to protect themselves from all kinds of cyberattacks, including politically motivated ransomware attacks. Unfortunately, we know too many companies aren’t doing enough. In a survey sponsored by Experian, Ponemon found 45 percent of companies aren’t preparing to deal with a ransomware attack, and only 17 percent train their employees about ransomware risks.

To prepare for a ransomware attack, businesses should:

  • Update software and systems. WannaCry profoundly affected Britain’s National Health Service (NHS), in part because the NHS allegedly ignored multiple security warnings that it needed to update and protect its systems. Updating business software is a basic and essential cybersecurity measure.
  • Backup files. Another often-ignored step, backing up data daily and storing it in a secure location can ensure that when ransomware affects critical systems, businesses will still be able to access their information — and function.
  • Purchase cyber insurance. Just 38 percent of companies have cyber insurance policies in place, Ponemon found. Yet cyber insurance can be crafted to cover ransomware, and could help defray expenses from the actual ransom and forensics work to recover systems, to covering the costs of disruption in business.

If nation-states are moving to use ransomware as a means to hide more nefarious objectives, there’s not much businesses can do about it. However, a strong proactive stance on cybersecurity can help ensure that when a ransomware attack occurs, your business may be able to minimize its impact — regardless of the reasons, individuals or governments behind the attack.