Ransomware

There has been an increase in ransomware attacks over the last 11 months, with no sign of slowing. These threats have evolved with threat actors now planting payloads disguised as legitimate core services, and bypasses most standard detection tools.

Companies are being affected and suffer days or weeks of downtime, crippling core business functions, and creating massive inconveniences and risk for customers. These types of attacks cause significant harm to a company’s overall reputation which ultimately leads to loss in revenue.

History and Evolution

  • 1980 – Data exfiltration and extortion by malware delivered on floppy disks
  • Mid to 2000 – Extorted payment by denying victims access to their own services and systems
  • Mid to 2010 – Indiscriminate phishing campaigns and vulnerability scanning to deploy ransomware to a single host or a small number of hosts
  • 2015 – Deploying of post-intrusion ransomware attacks (Ryuk, BitPaymer, Defray, etc.)
  • 2016 to Late 2020 – Ransomware as a service (RaaS) began, as cyber criminals expanded their services, enabling paid customers the right to use already-developed ransomware tools to execute ransomware attacks.
  • 2019 to Present – Over 4000 new ransomware variants created daily. Persistent sophisticated ransomware attacks delivered through targeted social engineering campaigns, which includes the setting up of fake companies to gain trust.

How Do You Stay Ahead?

Current ransomware attacks include sophisticated social engineering, email phishing, malicious email links and exploitation of vulnerabilities in unpatched software to infiltrate and deploy malware within networks.

Threat detection and response requires real-time monitoring, which means the need to implement a layered security strategy that includes a balance between prevention, threat detection and remediation, with a zero-trust security strategy.

Basic Security Hygiene

  1. Deploy Active NexGen AI-Driven EDR across all Endpoints (Laptops, Workstations, Servers), we deploy use SentinelOne NexGen EDR
  2. Deploy AI Driven Network Monitor and Containment – we use Darktrace AI which is integrated with SentinelOne
  3. Deploy Centralized Patch Management for all Devices.
  4. Ensure Systems are monitored daily, get external assistance if required.
  5. Deploy MFA across critical systems.
  6. Restrict or Remove Admin Access for regular users.
  7. Conduct Monthly Vulnerability Assessments and Fix Issues Reported.

Closing

It is impossible to predict what the next wave of ransomware threats will be, organizations can still prepare and position themselves to detect and respond to threats in real-time.

Kevin Gordon

Chief Executive Officer

Simply Secure LLC