Evolving Ransomware Threats

Ransomware

There has been an increase in ransomware attacks over the last 11 months, with no sign of slowing. These threats have evolved with threat actors now planting payloads disguised as legitimate core services, and bypasses most standard detection tools.

Companies are being affected and suffer days or weeks of downtime, crippling core business functions, and creating massive inconveniences and risk for customers. These types of attacks cause significant harm to a company’s overall reputation which ultimately leads to loss in revenue.

History and Evolution

1980 – Data exfiltration and extortion by malware delivered on floppy disks
Mid to 2000 – Extorted payment by denying victims access to their own services and systems
Mid to 2010 – Indiscriminate phishing campaigns and vulnerability scanning to deploy ransomware to a single host or a small number of hosts
2015 – Deploying of post-intrusion ransomware attacks (Ryuk, BitPaymer, Defray, etc.)
2016 to Late 2020 – Ransomware as a service (RaaS) began, as cyber criminals expanded their services, enabling paid customers the right to use already-developed ransomware tools to execute ransomware attacks.
2019 to Present – Over 4000 new ransomware variants created daily. Persistent sophisticated ransomware attacks delivered through targeted social engineering campaigns, which includes the setting up of fake companies to gain trust.

How Do You Stay Ahead?

Current ransomware attacks include sophisticated social engineering, email phishing, malicious email links and exploitation of vulnerabilities in unpatched software to infiltrate and deploy malware within networks.

Threat detection and response requires real-time monitoring, which means the need to implement a layered security strategy that includes a balance between prevention, threat detection and remediation, with a zero-trust security strategy.

Basic Security Hygiene

Deploy Active NexGen AI-Driven EDR across all Endpoints (Laptops, Workstations, Servers), we deploy use SentinelOne NexGen EDR
Deploy AI Driven Network Monitor and Containment – we use Darktrace AI which is integrated with SentinelOne
Deploy Centralized Patch Management for all Devices.
Ensure Systems are monitored daily, get external assistance if required.
Deploy MFA across critical systems.
Restrict or Remove Admin Access for regular users.
Conduct Monthly Vulnerability Assessments and Fix Issues Reported.

Closing

It is impossible to predict what the next wave of ransomware threats will be, organizations can still prepare and position themselves to detect and respond to threats in real-time.

Kevin Gordon

Chief Executive Officer

Simply Secure LLC

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.