Defending against ransomware

The evolution of ransomware

In 1989, an AIDS researcher and evolutionary biologist named Joseph Popp mailed floppy disks to researchers around the world who were attending the World Health Organization’s AIDS conference that year. When the researchers inserted the disks into their desktops, they thought they were going to learn about a methodology for determining patients’ risk of contracting AIDS. Instead, they got a computer virus that is widely regarded as the first example of ransomware.¹

Download the 3-page PDF to continue reading

Understanding the impact: Current trends and implications

• Threat actors increasingly use access brokers—cybercriminals who sell stolen information, such as endpoint URLs, login credentials, and IP addresses—to gain initial access to organizations.
• Once on a victim’s network, attackers leverage persistence techniques to maintain access and make it harder for defenders to kick them off.³
• Attackers leverage advanced encryption technology to get around victim organizations’ efforts to rapidly decrypt data encrypted during attacks.
• Adversaries employ a variety of unscrupulous tactics to put even more pressure on victims to pay ransoms.

   Download the PDF to learn more

Impact of emerging technologies on adversaries and defenders

• Internet of Things (IoT) and 5G: IoT platforms and 5G networks appear to give more advantages to adversaries than to defenders, and both technologies pose similar cybersecurity risks to organizations.
• Quantum computing: Both adversaries and defenders can benefit from advancements in quantum computing, which may reach maturity in as few as five years.
• Artificial Intelligence (AI): Adversaries and defenders alike use AI and its offshoot, machine learning, to achieve their objectives and are likely to step up their adoption of these technologies in the years ahead.

Download the PDF to get more details on the impact of these technologies

Transforming cyber resilience

Deloitte can help clients design, build, and operate dynamic, business-aligned security programs wherever they may be in their cyber journey. Services related to ransomware response include, but are not limited to, the areas noted below.

We combine industry-leading strategic advisory services with deep technical capabilities and managed services to help organizations design, implement, and operate advanced cyber and strategic risk programs that build resiliency, deepen trust and fuel performance.

Footnotes

¹Ronny Richardson and Max M. North, "Ransomware: Evolution, Mitigation and Prevention" (2017). Faculty Publications. 4276, p. 11.

² The White House, “FACT SHEET: G7 to Announce Joint Actions on Forced Labor in Global Supply Chains, Anticorruption, and Ransomware,” June 13, 2021; . David Braue, “Global Ransomware Damage Costs Predicted To Exceed $265 Billion By 2031,” Cybercrime Magazine, June 3, 2021

³ Ransomware Task Force, “Combating Ransomware: A Comprehensive Framework for Action: Key Recommendations from the Ransomware Task Force,” Institute for Security and Technology, 2021;

⁴ MITRE, Ransomware Techniques in ATT&CK; Internet Crime Complaint Center (IC3), “Ransomware: What It Is & What To Do About It,” February 4, 2021

⁵ Sean Newman, “How Ransomware is Teaming Up with DDoS,” InfoSecurity Magazine, June 18, 2021

⁶ Ransomware Task Force, Combating Ransomware: A Comprehensive Framework for Action: Key Recommendations from the Ransomware Task Force, Institute for Security and Technology, 2021.