![](https://d15shllkswkct0.cloudfront.net/wp-content/blogs.dir/1/files/2022/05/ransomware-2321110_1920-TheDigitalArtist-Pixabay.jpeg)
![](https://d15shllkswkct0.cloudfront.net/wp-content/blogs.dir/1/files/2022/05/ransomware-2321110_1920-TheDigitalArtist-Pixabay.jpeg)
The Biden administration recently issued a laundry list of essential cybersecurity protections for private-sector organizations to implement. The list runs the gamut of must-haves, including two-factor authentication, offline data backups, installing system patches and updating passwords.
Although the announcement was nominally sparked by the war in Ukraine and threat intelligence indicating the potential for Russian cyberattacks, the truth is that these recommendations have been table stakes for years already. That’s in no small part because of the growing threat posed by ransomware, which now afflicts virtually all industries, from finance, education and retail to healthcare, energy and government services.
Ransomware has become so lucrative for bad actors that, in some cases, they’re practically running into one another. Last December one Canadian healthcare organization was struck by two different ransomware groups at the same time. A “dual ransomware” attack such as this isn’t yet the norm, but it’s a trend for which I’ve seen increased evidence while researching incident response reports.
Incidents of multiple attackers are indicative of a deeper and ongoing problem: Many essential and basic cybersecurity practices still have not been adopted across the board. In the face of an increasingly hostile cyber threat landscape, organizations urgently need to begin participating in their own rescue – and that starts with implementing best practices.
A survey found that while the total volume of ransomware attacks has actually declined over the past five years, the impacts of the attacks have grown more severe, including:
These evolving ransomware attack methods have been unleashed on critical industries, such as healthcare. An ongoing pandemic hasn’t deterred attackers from going after hospitals or healthcare providers. In fact, as in the case of the Canadian healthcare provider attacked last December, ransomware groups are more unrelenting than ever.
In that incident, a ransomware group called Karma deployed an extortion-style ransomware attack against the provider — not encrypting the organization’s systems, but stealing their data and holding it for ransom.
Unbeknownst to both the provider and the Karma group, though, a second ransomware strike hit a week later. This attack, by the group Conti, deployed a more typical ransomware package that encrypted the target’s data in exchange for payment. The Conti attack didn’t encrypt just the provider’s data, though; it also encrypted Karma’s ransom note.
The healthcare provider did not even realize it was being extorted twice because the ransom note of the first attack had been concealed by the second. Two ransomware groups, two different attacks, one target environment, only a week apart.
The cyberthreat landscape is packed with bad actors ready, willing and able to attack organizations of all sizes, across all industries. And their success rate isn’t strictly because of their incredibly sophisticated tactics. Plenty of amateur groups with low-level skills have found success breaching their targets simply because so many organizations have not yet done the bare minimum to protect themselves. Breaching target networks has become so easy that attackers are practically tripping over each other in the rush to exploit vulnerable targets.
Though not the typical data breach, experiencing multiple, near-simultaneous ransomware attacks is the latest symptom of a more widespread problem: a lack of widely adopted and basic cybersecurity protections and best practices. This is both a wakeup call and a golden opportunity for many organizations.
There are many relatively easy-to-implement, overdue and extremely necessary security practices that organizations can put into place right now:
These are foundational security practices. As attackers grow more sophisticated, no organization can afford to take their foot off the gas on protecting their network and their users. Doing this work now helps minimize your chances of being a target in the future — and, in the event of an attack, helps you get back on your feet quickly.
Participate in your own rescue. Make your organization more resilient than your peers. At a time when attackers are falling on top of each other to breach targets, there’s no time to waste.
John Shier is a senior security adviser at Sophos Group plc, with more than two decades of cybersecurity experience. He has researched everything from costly ransomware to illicit dark web activity, uncovering insights needed to strengthen proactive cybersecurity defenses. He wrote this article for SiliconANGLE.
THANK YOU