Ransomware attacks spiked by 250% from Q1 to Q2 of 2021. By the end of 2021, it’s estimated that an organization will be hit by ransomware every 11 seconds. A Venafi-sponsored study conducted by Sapio Research evaluated data from 1,506 IT security officers across the U.S., U.K., Germany, France, Benelux and Australia to explore how InfoSec leadership is responding to the rapidly growing risk of ransomware attacks. See the results in our Global Security Report.
The U.S. Department of Justice (DOJ) is giving ransomware attacks a priority level similar to terrorism. The Venafi-sponsored survey asked respondents whether they agree with that characterization.
Overall, 60% agree with the DOJ’s prioritization of ransomware threats. That concern is grounded in experience: almost half of the respondents said they had suffered a ransomware attack in the prior 12 months.
More than three quarters (77%) of the organizations in the study are confident that the security tools they have in place will protect them from future attacks. Notably, they hold this confidence even though over two thirds of them have experienced a ransomware attack in the last 12 months.
Executives appear to be more confident in ransomware prevention than the security leaders who run it: 80% of directors and C-level executives expressed confidence in their ransomware protection, compared with only 69% of security team leaders.
Are organizations adopting the most effective tools to break the ransomware kill chain?
Organizations do have security controls in place to protect against or limit the impact of a ransomware attack. Many of those controls, however, were built for a network perimeter that no longer exists: perimeterless networks, DevOps methodologies and software-defined networks call for different strategies to break the ransomware kill chain. The controls suited to that environment have very low adoption rates, according to the study.
Security controls currently used to protect against or limit the impact of a ransomware attack:
- 43% VPN
- 36% Regular encrypted backups
- 35% Anti-phishing
- 31% Vulnerability scanning
- 29% Secure domain controllers
- 28% Require all software be digitally signed by their organization before employees are allowed to execute it
- 25% Regular patching program for applications and OS
- 25% Configuration management
- 25% Business transaction logging
- 21% Remote services and RDP
- 21% Restrict execution of all macros within office documents
- 18% Restrict use of PowerShell using group policy
Of the tools listed above, only three add specific new layers of control suited to cloud and DevOps environments and help to break the ransomware kill chain: internal code signing, restricting macros and restricting PowerShell scripts. Yet all three have very low adoption rates.
- 28% of organizations require that all software be digitally signed by their organization before employees are allowed to execute it.
- 21% of organizations restrict execution of all macros within Microsoft Office documents.
- 18% of organizations restrict use of PowerShell using group policy.
Digital code signing is currently used by only 28% of respondent organizations overall, even though it is a deterrent to ransomware attacks. A higher percentage of large organizations (5,000 or more employees) employ code signing as a control, but that percentage is still well below 50%, despite the high proportion of these organizations that have already experienced ransomware attacks.
Restricting execution of unsigned Office macros can negatively impact productivity. However, in July 2021 malicious Office documents accounted for 43% of all malware downloads, up from 20% at the beginning of 2020.[i]
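The three controls above are ordinary Windows policy settings, so a practitioner can audit and enforce them on a host with a short script. The following is an added example, not code from the Venafi report or the survey: it checks whether an executable carries a valid Authenticode signature from the organization's own certificate, reads and sets the Office macro policy values, and reads and sets the PowerShell policy values that the matching Group Policy settings write. Assumptions: the signer thumbprint is a placeholder to be replaced with the organization's code-signing certificate, the Office policy path uses version 16.0 (Office 2016/2019/365), the scan path `C:\Program Files` is just a sample location, and in a domain the same registry values would be delivered through a GPO rather than written directly.

```powershell
# Added example (not from the Venafi report): audit (default) or enforce (-Enforce)
# the three controls on one Windows host. Run from an elevated PowerShell 5.1+ session.
# The values under ...\Policies\... mirror the corresponding Group Policy settings.
param([switch]$Enforce)

# --- 1. Internal code signing: is a binary signed by our own certificate? ---
# Assumption: placeholder thumbprint; replace with the organization's signing cert.
$TrustedSignerThumbprint = '0000000000000000000000000000000000000000'

function Test-TrustedBinary {
    param([Parameter(Mandatory)][string]$Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    # Status is NotSigned / HashMismatch / UnknownError / Valid; only Valid from
    # our own certificate counts as "signed by the organization".
    $ok = ($sig.Status -eq 'Valid') -and
          ($sig.SignerCertificate.Thumbprint -eq $TrustedSignerThumbprint)
    [pscustomobject]@{
        Path    = $Path
        Status  = $sig.Status
        Signer  = $sig.SignerCertificate.Subject
        Allowed = $ok
    }
}

# --- 2. Office macros (Office 2016/2019/365 share policy version 16.0) ---
$OfficeApps = 'Word', 'Excel', 'PowerPoint'

function Get-MacroPolicy {
    foreach ($app in $OfficeApps) {
        $key  = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
        $vba  = (Get-ItemProperty $key -Name VBAWarnings -ErrorAction SilentlyContinue).VBAWarnings
        $motw = (Get-ItemProperty $key -Name BlockContentExecutionFromInternet -ErrorAction SilentlyContinue).BlockContentExecutionFromInternet
        [pscustomobject]@{
            App                 = $app
            VBAWarnings         = $vba    # 3 = signed macros only, 4 = disable all
            BlockInternetMacros = $motw   # 1 = block macros in Mark-of-the-Web files
            Compliant           = ($vba -in 3, 4) -and ($motw -eq 1)
        }
    }
}

function Set-MacroPolicy {
    foreach ($app in $OfficeApps) {
        $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
        New-Item -Path $key -Force | Out-Null
        # 3 = "Disable all except digitally signed macros"; use 4 to disable all.
        Set-ItemProperty $key -Name VBAWarnings -Value 3 -Type DWord
        Set-ItemProperty $key -Name BlockContentExecutionFromInternet -Value 1 -Type DWord
    }
}

# --- 3. PowerShell: signed scripts only, and log what does run ---
$PsPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

function Get-PowerShellPolicy {
    $p   = Get-ItemProperty $PsPolicyKey -ErrorAction SilentlyContinue
    $sbl = Get-ItemProperty "$PsPolicyKey\ScriptBlockLogging" -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ExecutionPolicy    = $p.ExecutionPolicy
        ScriptBlockLogging = $sbl.EnableScriptBlockLogging
        LanguageMode       = $ExecutionContext.SessionState.LanguageMode
        Compliant          = ($p.ExecutionPolicy -eq 'AllSigned') -and ($sbl.EnableScriptBlockLogging -eq 1)
    }
}

function Set-PowerShellPolicy {
    New-Item -Path $PsPolicyKey -Force | Out-Null
    # Same values the "Turn on Script Execution" GPO writes for "Allow only signed scripts"
    Set-ItemProperty $PsPolicyKey -Name EnableScripts   -Value 1 -Type DWord
    Set-ItemProperty $PsPolicyKey -Name ExecutionPolicy -Value 'AllSigned' -Type String
    New-Item -Path "$PsPolicyKey\ScriptBlockLogging" -Force | Out-Null
    Set-ItemProperty "$PsPolicyKey\ScriptBlockLogging" -Name EnableScriptBlockLogging -Value 1 -Type DWord
}

# --- Report first, then enforce if asked ---
Get-MacroPolicy      | Format-Table -AutoSize
Get-PowerShellPolicy | Format-List

# Which executables under the sample path are not signed by our certificate?
Get-ChildItem 'C:\Program Files' -Recurse -Filter *.exe -ErrorAction SilentlyContinue |
    ForEach-Object { Test-TrustedBinary -Path $_.FullName } |
    Where-Object { -not $_.Allowed } | Format-Table -AutoSize

if ($Enforce) {
    Set-MacroPolicy
    Set-PowerShellPolicy
    Write-Host 'Policies written; re-run without -Enforce to verify.'
}
```

Two caveats matter in practice. `Test-TrustedBinary` only reports; the enforcement that makes "all software must be signed by us" real is an AppLocker publisher rule or a WDAC policy keyed to the same certificate, applied in audit mode first because a policy that allows only the organization's signer also blocks every Windows binary it does not list. Likewise an `AllSigned` execution policy is a guardrail, not a security boundary: it is bypassed with `powershell -ExecutionPolicy Bypass` or an encoded command. What actually restricts PowerShell for an attacker is Constrained Language Mode enforced by AppLocker or WDAC, with script block logging turned on so that whatever still runs is recorded.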
Moral dilemma for organizations paying ransoms
Almost 1 in 10 (8%) of the organizations that suffered a ransomware attack in the last 12 months paid the ransom. Yet 22% of respondents believe it is morally wrong to pay a ransom even when an attack has seriously compromised critical systems or data, and this figure rises to 34% among business owners, according to the survey.
However, among those who would pay a ransom, 57% would change their decision if they had to publicly report the payment.
Investing in ransomware prevention
More than three quarters (77%) of the organizations say they will increase spending on ransomware security controls over the next 12 months, indicating that security teams realize their current strategies do not provide enough protection. These investments are easy to justify: the cost of a ransomware attack can quickly rise far beyond the ransom itself.
In 2020 the total amount of ransom paid by cyberattack victims was close to US$416 million. This figure is projected to double in 2021 and double again in 2022. The total average cost to rectify a ransomware attack is now estimated at US$1.85 million, more than double the US$761,106 reported in 2020, according to Sophos.
The rising cost of a ransomware attack and the increasing frequency of attacks require more sophisticated security controls, explains Kevin Bocek, vice president of ecosystem and threat intelligence at Venafi.
“Organizational environments now extend far beyond traditional perimeters, and so we can no longer rely on yesterday’s tools to win this high-stakes battle,” says Bocek.
“Controls like code signing, restricting the execution of malicious macros and limiting the use of unsigned scripts based on corporate security policies use a high level of automation to prevent ransomware in our machine-centric, digitally transformed world,” according to Bocek.
[i] Netskope, “Hey, You, Get Out of My Cloud,” July 2021.