Prevent data loss.
Ransomware continues to evolve.
Eliminate visibility guesswork.
Introduction:
Today’s modern companies are built on data, which now resides across countless cloud apps. Therefore preventing data loss is essential to your success. This is especially critical for mitigating against rising ransomware attacks, a threat that 57% of security leaders expect to be compromised by within the next year. As organizations continue to evolve, in turn so does ransomware. This article will help you stay ahead of the curve. It will cover how remote work and the cloud have made it more difficult to spot a ransomware attack, as well as how deploying behavioral-anomaly-based detection can help mitigate ransomware risk.
Details:
It is interesting how ransomware has evolved. We think about these attacks as being really sophisticated. The reality is that attackers favor the tried and tested such as credential theft, password spray, network scanning, buying credentials off the dark web, or using ransomware kits. They are looking for any way into your network. Although we hear about cyber attacks becoming sophisticated, that initial point of entry really isn’t what sets the ransomware operators apart.
They are persistence and patience. The trend is that attackers understand IT infrastructure really well. Lots of companies are running Windows or Linux machines or have entities on-premises. They might also be utilizing cloud services or cloud platforms or different endpoints. Attackers understand all that. They develop malware that follows those IT infrastructure patterns. This is how they evolve get wise to our defenses.
Currently:
One evolution is the theft of data and then threatening to make it public. It is called double extortion. So part of the initial extortion could be about the encryption of your network and trying to get a decryption key back. The second part of the extortion is really about you having to pay another amount of money to try and get your data back or for it not to be released. You should assume that your data is gone. It’s very likely that it’s already been sold and is already on the dark web.
There is a misconception that if you pay the ransom, you’re going to get your services back quicker. That however is not the reality. We have to assume that ransomware operators see this as an enterprise. The expectation is that if you pay the ransom, you’re going to receive a decryption key. The reality is that only 65% of organizations actually get their data back. Even if you were to receive a decryption key, they’re quite buggy. And it’s certainly not going to open everything up. Often, you still have to go through file by file and it’s incredibly laborious. A lot of those files are potentially going to get corrupted. It’s also more likely that those large, critical files that you rely on are the ones you won’t be able to decrypt.
Additional Security Info:
Unfortunately ransomware still affects companies badly. Ransomware is run as an enterprise. The more people pay, the more threat actors are going to do ransoms. As long as someone somewhere is going to pay, there is a return on investment for the attacker. The challlenge is on the attacker. How much time and patience does the attacker have. Larger attack groups will have persistence, the willingness, and desire to carry on moving through the network. They will use scripting, different malware. They are looking for that elevation of privilege so they can exfiltrate data. They will stay in your network longer.
However attackers have a flaw. They bank on the fact that nobody is watching. Attackers can stay in the network for months. So at the point where the network’s been encrypted, or data exfiltrated, it’s too late for you. The actual incident started weeks, months or however long ago. They learn our defenses. They check if anyone will anyone notice if they elevate privilege, or if they start to exfiltrate some data. Assuming they do get noticed, will anyone even respond. These attackers have done their homework, and at the point where they are asking for some kind of extortion or demand, they’ve done a huge amount of activity. For bigger ransomware operators, there is a return on investment. They are willing to give the time and effort because they think they are going to get that back.
Closing:
Recent ransomware articles state that the best point to detect attacks is in the lateral movement stage, where an attacker is looking for exploits to pivot from or more valuable assets to steal. Unfortunately this is a challenge to detect. It is probably the most fundamental challenges we face. We know what to do to mitigate the risk of phishing ( although that’s always going to be an issue because there’s a human element to it). Unfortunately once an attacker gets that initial access, get an RDP (Remote Desktop Protocol), or credentials for the server, then they can start that lateral movement. To detect this the first step is to securing data and know what is going on. It’s hard to see the risks you’re up against when your users are everywhere and are using networks and devices that you don’t control. The best way to start is to eliminate the guesswork by gaining visibility into what is happening, on both unmanaged and managed endpoints, in the cloud and everywhere in between.
Reference link for the full story:
The Myths of Ransomware Attacks and How To Mitigate Risk.
This information is brought to you by Vectech Solutions, The Gold Standard in Cybersecurity
#detect #visibility #ransomware
