Updates on 2023 Cybersecurity: Will Ransomware Shift Its Primary Focus Away from Encryption?
2023 Cybersecurity: We saw a discernible increase in ransomware incidents involving both data theft and encryption. Although this was nothing new in 2022, it became much more obvious that attackers preferred a variety of extortion techniques. This trend is projected to pick up steam in 2023, together with an increasing emphasis on data deletion and a revived focus on data backups. The number of encryption events will probably decline in response to these increases.
Ransomware is one of the most sophisticated and feared threats in the current security landscape. It is a specific type of malware designed to encrypt a victim’s files. The attacker then demands money from the victim in return for the decryption key, which can be used to regain access to the data. In addition to the inconvenience of the data being unavailable, costs can range from a few hundred dollars to millions. Furthermore, there is no assurance that the promised key will be delivered, even if the ransom is paid. Ransomware prevention should be a top priority for every organization’s cyber defence strategy, since ransomware attacks pose a much higher hazard than simple data theft.
What is Ransomware encryption?
Malware writers and online crooks work with the same suite of ciphers that the government uses to protect classified information:
SHA (Secure Hash Algorithm).
AES (Advanced Encryption Standard).
ECDH (Elliptic Curve Diffie–Hellman).
These are merely acronyms unless you understand how malware writers employ these potent ciphers and how the ciphers function. For this reason, we will first define what encryption is. In theory, encryption is the process of encoding data so that only those with access can decode it.
The actual act of encoding (and of ransomware encryption) consists of swapping out characters for new ones. A cipher is formed when those characters are combined with a particular method of replacement. The same idea is used in file encryption, except that new characters are substituted for the file’s usual code. How the characters are substituted depends on the algorithm being used and how strong it is.
Now that we know how it works, it’s time to look at the different kinds of encryption that are available. There are two known types:
Symmetric (private) key encryption – a system where the sender’s and the recipient’s keys are identical. It is mostly used for secure communication and is currently used in the majority of chat systems you use, like Viber, Skype, and others.
Public key encryption – this kind of encryption uses a public key that is widely accessible to everyone. The only requirement is that the user knows the decryption key.
Will Ransomware Stop Focusing on Encryption?
Ransomware will stop concentrating primarily on encryption in 2023. Thanks to technology and generally accepted best practices, ransomware victims are getting better at recovering their data without having to pay the attacker for a decryptor. It has also come up in numerous public conversations that purchasing decryptors frequently leads to lost data or more ransom demands, which is why the FBI advises against doing so.
Cybercriminals have discovered that the “hack and leak” component of a ransomware event offers a second extortion option, or another revenue stream. This becomes more obvious as rules and governance requirements become more prevalent.
Conclusion: Making an efficient encryption/decryption tool requires more technical work than simply stealing data and then using a variety of techniques to alter victim data. For ransomware criminals, stealing data, offering to “sell it back,” and, if that doesn’t work, threatening to publicly disclose the data or sell it to other bad actors is probably a lower technological hurdle. Data destruction can also put a victim under a lot of stress, which benefits the cybercriminal.
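The shift described above, from encrypting data to altering or destroying it, is something a defender can check for against a known-good baseline such as a backup. The following Python is an added example, not part of the original article: it records a SHA-256 hash and a byte-entropy value for each file and classifies later changes as altered, likely encrypted, or deleted. The function names and the 7.5 bits-per-byte threshold are assumptions chosen for illustration.

```python
import hashlib
import math
import os
from collections import Counter

ENTROPY_THRESHOLD = 7.5  # assumed cut-off in bits per byte; tune for your data


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted output, lower for plain text."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def snapshot(root: str) -> dict:
    """Map each relative file path under root to (SHA-256 hex digest, entropy)."""
    result = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            with open(path, "rb") as handle:
                data = handle.read()  # whole-file read; stream very large files
            rel = os.path.relpath(path, root)
            result[rel] = (hashlib.sha256(data).hexdigest(), shannon_entropy(data))
    return result


def compare(baseline: dict, current: dict) -> dict:
    """Classify files as unchanged, altered, likely-encrypted, deleted or new."""
    report = {}
    for rel, (old_hash, old_entropy) in baseline.items():
        if rel not in current:
            report[rel] = "deleted"
            continue
        new_hash, new_entropy = current[rel]
        if new_hash == old_hash:
            report[rel] = "unchanged"
        elif new_entropy >= ENTROPY_THRESHOLD > old_entropy:
            # Content jumped from structured to random-looking bytes.
            report[rel] = "likely-encrypted"
        else:
            # Includes already-compressed files, whose entropy was high before.
            report[rel] = "altered"
    for rel in current.keys() - baseline.keys():
        report[rel] = "new"
    return report
```

A file that is renamed, for example by having an extension appended, shows up as one deleted entry and one new entry.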