By Cam Sivesind
Thu | Jan 19, 2023 | 12:20 PM PST

Did you hear the one about how the hacker got away from the FBI? He ran-some-where.

That is how James McQuiggan, CISSP, Security Awareness Advocate for KnowBe4, kicked off the recent SecureWorld Remote Sessions webcast titled, "Ransomware, Ransom-war, and Ran-some-where: What We Can Learn When the Hackers Get Hacked."

McQuiggan, a former cybersecurity awareness lead at Siemens Energy, used the self-professed dad joke to make the point that hackers do all they can to stay ahead of the good guys, but that the good guys can learn a lot from those cybercriminals to build a proper defense. The exclusive webcast covers:

•  What's happening in the ransomware realm right now
•  Three tips from the cybercriminals themselves
•  Conti cybercrime group insights

Register to view the webcast on-demand at your convenience and earn 1 CPE credit in the process. It will be available for viewing through August 2023.

Among the information McQuiggan shares, he discusses how and why healthcare, education, government, and retail are the top industries targeted in ransomware attacks. Bad actors see those as prime victims for extorting money.

Some scary statistics:

  • Ransomware attacks increased 13% from 2020 to 2021.
  • The human element was responsible for 82% of attacks in 2021.
  • The global cost of ransomware rose from $325 million in 2015 to $20 billion in 2021, and is expected to climb to $265 billion by 2031.
  • Ransomware will attack an organization every two seconds.

Other topics covered include Ransomware-as-a-Service (RaaS), which helps non-technical people become cybercriminals; many of these services are free.

"Bottom line, essentially, when it comes to ransomware, as we know, it's pretty well tied to data breaches," McQuiggan said. "They're getting into the network, they're installing malware, maybe additional malware, as well. They're looking to install rootkits, escalate privileges, they're deleting backups (which corrupts and affects backups)."

A tease on tips

You'll have to watch the webcast to get all the solid tips and related details, but we can tell you that the topics include patching, which is touched on and explained; isolating backups (the 3-2-1 rule); checking links (what users should look for, and three key questions to ask when receiving a suspicious email); and more.

Again, the webcast is available on-demand now.
