Ransomware continues to make headlines, and for good reason. It’s been predicted that businesses will fall victim to a ransomware attack every two seconds by 2031. As bad actors grow more sophisticated, companies are beginning to realize it’s no longer a matter of “if” ransomware strikes, but “when.”
So how will the ransomware threat continue to evolve, and what does that mean for how organizations should be safeguarding their data?
That’s the question we posed to members of the Foundry/IDG Influencer Network, a community of industry analysts, IT professionals, and journalists. While their predictions and advice varied, some common themes emerged from their answers.
Like a number of Influencers, Will Kelly (@willkelly), senior product marketing manager for Section, an edge computing platform, said “the evolution of ransomware is about to take some interesting turns in the remote and hybrid work world we now live in. And I expect more advanced attacks on the horizon using emerging technologies like AI and attacks taking place on individuals via home-office and smart-home networks.”
Kelly expects “granular access controls” such as Zero Trust will become standard “as hybrid work environments continue to wither against increasingly sophisticated ransomware attacks.” He also expects enterprises “to migrate even more of their on-premises applications to the cloud for improved security, in part due to the rise in ransomware.”
Kelly’s assessment was shared by Jason James (@itlinchpin), Chief Information Officer at Net Health.
“Ransomware is evolving to specifically target remote workers,” he said. “With more users working remotely than ever before, threat actors will data-mine social networks and other public-facing data to specifically target high-profile users that may have elevated privileges.”
What steps should organizations take to safeguard their data?
Aside from “the basics,” such as reducing flat networks and creating immutable backups, James says “there must be frequent training opportunities for the workforce to understand evolving threats. This is much more effective than annual mandatory training and allows the cybersecurity team to share recent threats along with security best practices.”
“Ransomware attacks will shift to new entry points like IoT devices, riskier targets like operational technology, and more business-impacting areas storing intellectual property,” observed Isaac Sacolick (@nyike), StarCIO leader and author of Digital Trailblazer. “Businesses will need several strategies to protect their data, including endpoint protection, multi-cloud backups, frequent snapshotting, and sensitive data monitoring. Smart leaders will continue to develop competitive analytics capabilities while doubling down on data protection.”
Having stronger analytics to fight ransomware also resonated with Manikandan Thangaraj, Vice President at ManageEngine.
“Ransomware is morphing into ‘disruptionware’ that goes after operational technology apart from the IT systems,” he said. “User and entity behavior analytics can help detect anomalous activities in the network and improve defenses. CISOs have to invest in the right personnel and technologies to fight different ransomware variants.”
Tapping artificial intelligence for protection
Jack Gold (@jckgld), President and Principal Analyst at J.Gold Associates LLC, said the biggest challenge companies have in preventing malware and ransomware is in overcoming human errors. He noted that there are “some very good anti-malware tools” available today, especially those built around AI/ML.
“Unfortunately, the bad actors are also adopting such capabilities, so it will be a continuous battle,” he said. “Still, companies should be deploying as many of the AI-based anti-malware tools as feasible. But they also should be creating secured isolation so that if one is infected it doesn’t quickly spread to everyone else.”
Peter B. Nichol (@PeterBNichol), Chief Technology Officer at OROCA Innovations, agreed.
“AI-driven anomaly detection and automated malware scanning take the burden off of your IT department,” he said. “These cloud-based services can orchestrate backup operations, perform checks in real-time based on threats, and identify the ‘last-known-good’ copy before restoring.”
Nichol added that advanced protection services also offer air-gapped backup copies, so a backup copy is stored on a storage infrastructure that is not accessible from an external connection or the internet.
“Cyberthreats from bad actors are only getting more creative,” he said. “However, with a best-in-class data management solution in place, your team can still get rest.”
The importance of backup isn’t lost on Gene De Libero (@GeneDeLibero), Chief Strategy Officer at GeekHive.com.
“Ransomware will continue to evolve in the form of more aggressive attacks, ransomware as a service, and higher ransoms,” he said. “Embracing continuous improvement through data governance, security, and backup is the most prudent way to safeguard your data.”
Scott Schober (@ScottBVS), President/CEO at Berkeley Varitronics Systems Inc., said it’s a “misnomer” that small businesses aren’t being targeted by cybercriminals.
“In fact, CrowdStrike recently shared that 71% of ransomware attacks involved cybercriminals that were targeting small businesses,” he said. “It’s imperative that organizations of all sizes be proactive and utilize both a backup solution and a disaster recovery plan. Organizations are encouraged to take the time to store three copies of their critical data on two different types of media and in different locations. Having an immutable backup is key, one that cannot be deleted or altered in any way.”
George Gerchow (@georgegerchow), CSO and SVP of IT at Sumo Logic, echoed Will Kelly’s call for granular access control.
“Leadership needs to change their mindset from ‘data centers’ to ‘centers of Data,’” he said. “Data is no longer safeguarded by perimeter security. It’s everywhere, and granular access control and encryption are a key foundation for protecting data.”
“As the value of data increases, so does the threat of ransomware,” said Nikolay Ganyushkin (LinkedIn: nikolaygan), CEO and co-founder of Acure.
“The problem now is that many companies are becoming more and more digitally dependent, and cybersecurity and data protection are not thought of until they encounter attackers. Anti-ransomware software exists on the market, and the cost of using it is much cheaper than the risk of data loss.”
The likelihood of ‘unfortunate synergies’ between threat actors
According to Kayne McGladrey (@kaynemcgladrey), security architect at Ascent Solutions LLC, we’re likely to see “unfortunate synergies” between employees of sanctioned ransomware threat actors such as Conti or Evil Corp and Business Email Compromise (BEC) threat actors.
“This will be driven by economics,” he said. “As sanctioned entities increasingly find it hard to get paid, they can collaborate with BEC threat actors, sharing their expertise and technical skills for account compromises and lateral movement. This will allow BEC threat actors to craft more convincing campaigns based on data obtained by the ransomware threat actors. Organizations should be effectively encrypting data based on classification labels and user identities and use conditional access or insider risk detection solutions to find potentially compromised accounts before they can be used maliciously.”
In closing, Frank Cutitta (@fcutitta), CEO and founder of HealthTech Decisions Lab, placed ransomware threats in a historical context.
“For years I attended and organized cybersecurity conferences where speakers discussed data protection technologies,” he said. “Now, almost every conference has a speaker suggesting that enterprises hire ransom negotiators to mitigate the damage from data breaches. This is not to say that technology cannot greatly reduce or eliminate the odds of being held for ransom. It merely emphasizes how important best-of-breed cybersecurity platforms have become given the sophistication of bad actors in a world of cryptocurrency.”
A robust frontline defense is the first step in preventing ransomware attacks, but it’s not enough, according to Veritas. Every enterprise should develop a comprehensive, multi-layered resiliency framework—one that supports the protect, detect, and recover components of an organization’s overall cybersecurity strategy.