
Surge of Ransomware in the corporate world

 

Ransomware has seen a big rise in 2020 and has fast risen to the number one threat that CISOs and their Boards are concerned about. There has also been a rise in methodical, targeted ransomware attacks executed with professionalism that rivals the corporate world. Instead of a spray-and-pray approach, attackers have grown more targeted in selecting their victims. Though it is more expensive upfront to target an organization compared to the spray-and-pray method, attackers have realized that it usually leads to big payouts.

Organized Cyber Crime - Ransomware-As-A-Service

Attackers have realized that bringing down entire organizations and threatening data leaks tends to result in much better payoffs. But it takes time, effort and resources to accomplish. With plenty of business on the horizon, attackers are adapting quickly by hiring affiliates, partners and platforms to execute the attacks. Commodity malware families like Trickbot have become the launch vehicle for most ransomware families, the most notorious of them being Ryuk, Maze and the new Conti. Researchers are seeing growing collaboration between these two organized cybercrime families. Ransomware-As-A-Service is increasingly becoming a popular go-to model in crimeware.

Attackers have become more professional in their approach to ransom. They have dedicated collaboration platforms that allow real-time interactions with the victims, often used for negotiating the ransom and providing free decryption of a few files as “proof-of-life”.

Defending against ransomware

Defenders are struggling to cope with the looming ransomware threats. Traditional defences built around signature-based detections worked well in the past but no longer suffice. There is a need for new kinds of prevention that can combine multiple behavioral models for early detection.

“Detect and Respond” alone is not sufficient. A “hunt and prevent” strategy with emphasis on proactively looking for threats is required. Organizations need to move from a reactive to a proactive and predictive strategy. Threat Hunting and Threat Intelligence play a pivotal role in this strategy. Detecting an attacker’s presence early on, before they have an opportunity to exfiltrate data and/or encrypt systems, is paramount.

 

How to Defend against Ransomware

US-CERT has some prudent advice on tackling ransomware that can be found here, here and here. Please take time to review and take these simple steps. Ransomware attackers are fast evolving into the ranks of APTs, but defending against these attackers with good cyber hygiene like MFA, patching and awareness training is still quite effective.

How can BluArmour help?

BluArmour is a purpose-built, behaviour-based anti-ransomware and anti-APT engine designed to prevent attacks before they happen. Though initially designed to work without regular updates for air-gapped networks, it works great on enterprise networks too with the newly added centralized management capabilities.

Learn more about BluArmour here and here.

 
Kiran Vangaveti