10 worrisome ransomware predictions for 2019

Ransomware is so last year…or is it?

A type of malicious software that threatens to publish or block access to a victim’s data— for ransom— these attacks seemed to lose steam following the infamous WannaCry outbreak in 2017.

According to the Information Security Forum’s Global Security Threat Outlook for 2019, the frequency of these attacks did actually decrease in 2018.

So, why are cybersecurity experts predicting a resurgence this year? If ransomware is old news, why don’t industry experts have a ‘new year, new threats’ mentality?

The truth is that ransomware hasn’t gone anywhere; it simply changed its face. Where malicious actors used to seek out any vulnerable computer, they’re now targeting enterprise networks with cryptojacking malware.

And, with 80% of enterprise workloads moving to the cloud by 2020, hackers are eyeing the cloud as the next security battleground. With that in mind, here are 10 predictions for the rise of ransomware  

# 1 | No enterprise will be exempt from a ransomware threat

Enterprises of all sizes underestimate how vulnerable they are, but they can’t afford to make this mistake in 2019. When businesses don’t believe they’re a target, they don’t feel the need to put systems and processes in place to ensure they would survive an attack. For example, no one suspected last year that PGA of America’s servers would suffer a breach, but organizations that least expect it could easily become the next target for these attacks. And, the worst time to start thinking about it is when your business is in a state of emergency.

# 2 | The next few attacks will be more sophisticated

Ransomware is still a concern for good reason. We’ve really only seen the first wave of these attacks. Most recently, we’ve seen threats manifest as eerily realistic phishing emails from brands like Rackspace and even Office 365. The idea here is that if a company has 10,000 employees, that’s 10,000 opportunities to vary the approach by disguising emails as legitimate alerts or service notifications.

Enterprises have put processes in place to protect themselves in the wake of that initial wave, but we’ve yet to see the worst of what ransomware can do. Threat actors will only become more aggressive and we’ll see a greater need for enterprises to explore more sophisticated solutions. They’ll need a comprehensive option rather than a temporary fix if they plan to survive the neverending threat cycle ahead.

# 3 | Concerns will heighten around cloud security

In general, clouds are as secure, if not more secure, than most data centers. But, they have the same vulnerabilities that data centers do. This subject has come up increasingly over the last six months in talking with our own customers.

Now more than ever, they’re eager to hear about extra features RackWare offers around ransomware. In some cases, we’ll mention the necessity of those features and find that that’s already a priority. It just makes sense that security concerns will be top of mind when resources leave the four walls of a business. As ransomware threats become more sophisticated, cloud providers will need to continue introducing protective measures that won’t leave clouds susceptible.

# 4 | Cloud providers’ efforts will only go so far

When enterprises migrate workloads to the cloud, the duty of managing a physical data center, boxes or a network goes away. But, managing applications, monitoring performance and maintaining a level of security is a shared responsibility between the cloud provider and enterprise IT.

Cloud providers supply infrastructure, but it’ll be up to enterprise IT groups to make sure they have higher levels of security in the year ahead. At the same time, we’ve found that our clients prefer to ensure the frameworks they build around their applications and data can travel with them if they ever choose to change providers.

Overall, if an enterprise doesn’t have the right protections in place, it’ll only hurt them. A service provider could walk away at anytime. IT teams will need to ensure that security parameters in the cloud can meet all of today’s requirements, cover future threats and give them the flexibility they need to move around.  

# 5 | Stealthier tactics will bring some enterprises to ruin

We’ve worked with plenty of IT teams who thought that if they were hit with ransomware, they would know about it right away. Unfortunately, businesses that still share this belief will experience data compromises in 2019— and they won’t be able to survive an inability to access their data. The truth is that threat actors are smarter than they’re given credit for, which boosts the likelihood that more businesses will fall prey without a plan for quick recovery, so intrusion detection and protection solutions aren’t optional. We’ve found that several clouds offer intrusion detection, which is great for a brute force attack. However, as we’ve seen with phishing campaigns, these attacks are becoming more insidious. Hackers will infect an enterprise and let it go on for weeks or months before they make it known and, by then, it’s far too late.

# 6 | False positives will trigger uncertainty

Enterprises are beginning to implement safeguards, but those won’t be effective if the alerts aren’t reliable. If threat detection solutions regularly flag every small thing, IT teams will eventually stop paying attention— putting them and the data they’re protecting at greater risk. Organizations will want to make sure they have a smart system that flags when something is really wrong versus sending out a high volume of false alarms.

# 7 | Backup and protection plans will fail

Enterprises that have protection or disaster recovery plans in place will still succumb to a ransomware attack if they don’t routinely test or validate for their environment. Several customers have sought out our disaster recovery solution because a routine drill revealed areas for improvement or they didn’t have success when recovering from a backup into a cloud environment.

Companies that are disciplined in testing their disaster recovery and backup solutions will have what it takes to recover in the event of a breach. If they don’t test it out, they might as well not have a solution at all. Enterprise IT teams need to proactively determine what they’ll do in all scenarios to prevent sudden scrambling when an attack brings everything to a halt.  

# 8 | Enterprises will see what their cloud segmentation is made of

A good monitoring system is critical, but enterprise cloud setups will also need proper segmentation if they hope to survive an attack. Businesses will need to ensure that an infection won’t impact their entire cloud environment in the event of a breach.

# 9 | The likelihood of attack will increase

The fact of the matter is that success breeds more boldness. We’ve seen that ring true as we’ve heard about more high-profile breaches within the last year— from Marriott to Merck to British Airways. Threat actors are, unfortunately, making money off of these attacks and that’s driving them to keep evolving.

They’re discovering more opportunities to strike, which is only boosting the likelihood that your business will be impacted if there’s no plan in place.

# 10 | Security will rely on a mastery of the basics

If enterprises don’t have the right detection or backup measures in place, they’re not necessarily doomed. Mastering the basics is a good starting point. That includes investing in intrusion detection and protection.

Technology exists that can detect when an abnormal number of files have been updated. Meanwhile, that software can maintain multiple recovery checkpoints with different retention points, and check for threats once an hour for 24 hours, or once a day for seven days.

Opening up to these kinds of mechanisms for prevention and recovery can help mitigate any new threats that are coming to cloud environments.

Contributed by Sash Sunkara, Co-Founder and CEO and Todd Matters, Co-Founder and Chief Architect, RackWare.