Ransomware: The Final Chapter

Ransomware is the most significant cybersecurity threat facing organizations today. But recently, officials from the National Security Agency and the FBI have indicated that attacks decreased during the first half of 2022. The combination of sanctions against Russia, where many cybercriminal gangs originate, and the collapse of cryptocurrency markets may have had an effect, making it difficult for ransomware gangs to extract funds and obtain their payments.

But we’re not off the hook yet. Despite a temporary dip, ransomware is not only thriving, but also evolving. Today, ransomware-as-a-service (RaaS) has evolved from a commoditized, automated model relying on prepackaged exploit kits to a sophisticated, highly targeted, human-operated commercial operation. This is why businesses of all sizes need to be concerned.

Becoming RaaS

It is well known that today’s cybercriminals are well equipped, highly motivated and highly efficient. They did not get that way by accident, and they would not have stayed that effective without developing their technologies and methodologies. The motivation of massive financial gain has been the only constant.

Early ransomware attacks were simple, technology-driven attacks. Those attacks prompted organizations to place more emphasis on backup and restore capabilities, which in turn led attackers to search for online backups and encrypt them as well during an attack. The attackers’ success led to larger ransoms, and the larger ransom demands made it less likely that the victim would pay and more likely that law enforcement would be involved. Ransomware gangs responded with extortion. They moved to not only encrypting data, but also exfiltrating it and threatening to make the often sensitive data of the victim’s customers or partners public, introducing the more complex risk of brand and reputational damage. Today, it is not unusual for ransomware attackers to seek out a victim’s cyber insurance policy to help define the ransom demand and make the whole process (including payment) as efficient as possible.

We’ve also seen less disciplined (but equally damaging) ransomware attacks. For example, choosing to pay a ransom also marks a victim as a reliable candidate for a future attack, increasing the likelihood that they will be hit again, by the same ransomware group or another. Research estimates that between 50% and 80% (PDF) of organizations that have paid a ransom have been attacked again.

As ransomware attacks have evolved, so have security technologies, especially in the areas of identifying and blocking threats. Anti-phishing, spam filtering, antivirus and malware detection technologies have all been fine-tuned to deal with modern threats and to minimize the risk of compromise via email, malicious websites or other vectors of attack.

This proverbial cat-and-mouse game between adversaries and security vendors offering better defenses and more sophisticated approaches to stopping ransomware attacks has led to greater collaboration within global cybercriminal networks. Much like the security and alarm specialists recruited for traditional robberies, experts in malware development, network access and operations now power attacks and have created the conditions for the next evolution of ransomware.

The RaaS model today

RaaS has evolved into a sophisticated human-driven operation with a complex profit-sharing business model. A RaaS operator who may have worked independently in the past now calls on specialists to increase their chances of success.

A RaaS operator – who maintains specific ransomware tools, communicates with the victim and secures payments – will now often work alongside a high-level hacker, who carries out the intrusion themselves. Having an interactive attacker in the target environment allows live decisions to be made during the attack. Working together, they identify specific weaknesses within the network, escalate privileges and encrypt the most sensitive data to secure payment. Additionally, they perform reconnaissance to find and delete online backups and disable security tools. The contracted hacker will often work alongside an access broker, who is responsible for providing network access via stolen credentials or persistence mechanisms already in place.

The attacks resulting from this collaboration of expertise have the look and feel of the advanced persistent threat (APT) attacks traditionally associated with state-sponsored actors, but are far more widespread.

How organizations can defend themselves

The new human-operated RaaS model is far more sophisticated, targeted, and destructive than past RaaS models, but there are still best practices organizations can follow to defend themselves.

Organizations need to be disciplined about their security hygiene. Computing environments are constantly evolving, and each time a new endpoint is added or a system is updated, it may introduce a new vulnerability or risk. Security teams should stay focused on security best practices: patching, use of multi-factor authentication, enforcement of strong credentials, scanning the Dark Web for compromised credentials, employee training on detecting phishing attempts, etc. These best practices help reduce the attack surface and minimize the risk that an access broker can exploit a vulnerability to gain entry. Additionally, the stronger an organization’s security hygiene, the less “noise” there will be for analysts to sort through in the security operations center (SOC), allowing them to focus on real threats when they are identified.

Beyond security best practices, organizations also need to ensure they have advanced threat detection and response capabilities. Since access brokers spend time reconnoitering the organization’s infrastructure, security analysts have the opportunity to spot them and stop the attack in its infancy, but only if they have the right tools. Organizations should look to extended detection and response (XDR) solutions that can detect and correlate security event telemetry across their endpoints, networks, servers, email and cloud systems, and applications. They must also be able to react wherever the attack is identified to stop it quickly. Large enterprises may have these capabilities built into their SOC, while mid-sized enterprises may consider the managed detection and response model for 24/7 threat monitoring and response.
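The correlation idea above, and the attack chain described earlier (initial access, privilege escalation, backup destruction, tampering with security tools), can be made concrete. The following Python example is added here and is not the article's code or any vendor's rule set: it takes constructed events from an email gateway, an authentication log, an EDR agent and a backup server, groups them per host inside a time window, and scores them so that four individually weak signals surface as one incident rather than four ignorable alerts. The log format, host names, indicator patterns, weights and the 24-hour window are all assumptions for the example.

```python
"""Correlating telemetry across sources to catch human-operated RaaS activity early.

Constructed example for this article; the log format, hosts, weights and
threshold are assumptions, not a product's rule set.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
import re

# Each indicator: (name, telemetry source it applies to, pattern, weight).
# The behaviours mirror the article's description of the attack chain:
# initial access, privilege escalation, backup destruction, tool tampering.
INDICATORS = [
    ("phishing_click", "email", re.compile(r"action=click.*verdict=malicious"), 2),
    ("new_admin_logon", "auth", re.compile(r"logon_type=10.*group=Administrators"), 1),
    ("backup_deletion", "edr", re.compile(r"vssadmin.*delete shadows|wbadmin.*delete catalog", re.I), 4),
    ("security_tool_tamper", "edr", re.compile(r"Set-MpPreference.*-DisableRealtimeMonitoring", re.I), 4),
    ("backup_job_removed", "backup", re.compile(r"job_deleted"), 3),
]
WEIGHT = {name: w for name, _, _, w in INDICATORS}
INCIDENT_THRESHOLD = 6          # assumed: escalate a host at or above this score
WINDOW = timedelta(hours=24)    # assumed: access-broker dwell time we want to bridge


@dataclass
class Event:
    ts: datetime
    source: str
    host: str
    message: str


def parse_line(line):
    """Parse the constructed format '<iso-ts> <source> host=<name> <message>'."""
    ts, source, host_kv, message = line.split(" ", 3)
    return Event(datetime.fromisoformat(ts), source, host_kv.split("=", 1)[1], message)


def match_indicators(event):
    """Names of every indicator whose source and pattern match this event."""
    return [name for name, src, pat, _ in INDICATORS
            if src == event.source and pat.search(event.message)]


def correlate(lines, threshold=INCIDENT_THRESHOLD, window=WINDOW):
    """Group events per host into time-bounded clusters and score each one.

    Returns {host: {"score", "indicators", "start", "end"}} for the
    highest-scoring cluster per host that reaches the threshold, so separate
    low-value alerts from different sensors become a single incident.
    """
    by_host = defaultdict(list)
    for line in lines:
        if line.strip():
            ev = parse_line(line)
            by_host[ev.host].append(ev)

    incidents = {}
    for host, events in by_host.items():
        events.sort(key=lambda e: e.ts)
        clusters, current = [], []
        for ev in events:
            # Start a new cluster once the window since the first event has elapsed.
            if current and ev.ts - current[0].ts > window:
                clusters.append(current)
                current = []
            current.append(ev)
        if current:
            clusters.append(current)
        for cluster in clusters:
            hits = [name for ev in cluster for name in match_indicators(ev)]
            score = sum(WEIGHT[name] for name in hits)
            if score >= threshold and (host not in incidents or score > incidents[host]["score"]):
                incidents[host] = {"score": score, "indicators": hits,
                                   "start": cluster[0].ts, "end": cluster[-1].ts}
    return incidents


# Constructed telemetry: one compromised workstation, one unrelated host,
# and a backup-server alert that on its own does not cross the threshold.
SAMPLE_LOG = """\
2022-06-01T08:02:10 email host=WS-014 user=jdoe action=click url=http://example.invalid/invoice verdict=malicious
2022-06-01T08:40:55 auth host=WS-014 user=jdoe logon_type=10 group=Administrators
2022-06-01T09:00:00 edr host=WS-022 cmd="notepad.exe"
2022-06-02T03:15:02 edr host=WS-014 cmd="vssadmin.exe delete shadows /all /quiet"
2022-06-02T03:15:40 edr host=WS-014 cmd="powershell Set-MpPreference -DisableRealtimeMonitoring $true"
2022-06-02T03:20:00 backup host=BKP-01 job_deleted name=nightly-full
"""

if __name__ == "__main__":
    for host, inc in correlate(SAMPLE_LOG.splitlines()).items():
        print(f"{host}: score={inc['score']} chain={' -> '.join(inc['indicators'])} "
              f"({inc['start']} .. {inc['end']})")
```

Run as written, the only host that crosses the threshold is WS-014, whose phishing click on day one is joined to the backup and security-tool tampering nineteen hours later. The backup server's job deletion scores below the threshold by itself, which is the point: a backup alert with no correlated endpoint or email context is the kind of "noise" the article warns about, while the same alert tied to a host that just lost its shadow copies is worth an analyst's immediate attention.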

Despite the recent decline in ransomware attacks, security professionals should not expect the threat to go away anytime soon. RaaS will continue to evolve, with the latest adaptations being replaced by new approaches in response to innovations in cybersecurity. But by emphasizing security best practices combined with leading threat prevention, detection and response technologies, organizations will become more resilient to attacks.
