Rest of Asia
Rest of Asia
Rest of Asia
Rest of Asia

Ransomware Attacks Are Evolving, Your Cybersecurity Strategies Too

Cyber threats are increasing in scope and magnitude with every passing day. Among the different attacks, ransomware attacks have become very potent.

Ransomware started as a floppy disk-based attack in the 1980s, with a modest ransom demand of $189. Today, enterprises that fall victim to ransomware pay $233,217 to the hackers, on average, and suffer 23 days of downtime following an attack.

The 2017 WannaCry ransomware attack infected 200,000+ PCs worldwide. The attack took the form of crypto-ransomware worms. These worms infiltrated Windows PCs and encrypted critical files. Victims had to pay ransom in bitcoins to regain access to the files. The sheer scale of Wannacry brought ransomware to centerstage.

Enterprises soon improved their backup and data recovery process to avoid paying the hackers. But cybercriminals soon launched double extortion multistage attacks. They encrypted data and published the data on the dark web if victims did not heed the ransom demands.

Victims paying up emboldened the attackers and attracted more threat actors. Competition among attackers results in innovation, leading to more sophisticated attack methods. Enterprising cybercriminals now even offer ransomware as a service.

Ransomware attacks surged during the COVID-19 pandemic induced lockdowns. Enterprises, forced to set up remote work options overnight, could not pay cyber security the attention it deserved. Also, the increase in online businesses led to more significant opportunities for hackers.

The ransomware attack on Colonial Pipeline, the US fuel transportation company, is the most devastating in history so far. DarkSide, the notorious hacker group, breached the network and launched the attack that lasted from 6 May 2021 to 12 May 2021. The attack resulted in a nationwide panic and led to a spike in retail gasoline prices. Colonial paid a ransom of about $5 million in cryptocurrency to regain access to their servers.

Of late, attackers have realized the implications for the company if their sensitive customer data leaks. Many ransomware attackers do not encrypt data. They just steal the data and threaten to publish it. They especially target health-care providers, educational institutions, and any enterprise that handle large volumes of customer data.

Here are the strategies to avoid such situations.

1. Get the basics right

Ransomware operators, like all hackers, infiltrate the network to encrypt the files. They use various tactics such as malicious links, social engineering, and email phishing. They also exploit vulnerabilities in unpatched software. 

Enterprises who get their basics right in network security often keep ransomware operators at bay.

  • Enable multi-factor authentication on company accounts, including service accounts and social media accounts
  • Train employees to identify phishing emails and other threats. Make them aware of the modus operandi of the threat actors. Without a proper understanding of the latest modus-operandi, even highly aware and cautious users fall prey to phishing attacks.
  • Identify and monitor high-risk employees. High-risk profiles include employees with administrative rights who may launch insider attacks.
  • Assess the cybersecurity programs and protocols of vendors who access company data.
  • Test backup systems. Make sure backups remain segregated from other company systems.
  • Develop an enterprise response plan or SOP that details an action plan in case of ransomware attacks.
  • Conduct periodic security drills to validate the effectiveness of the security deployments.

Powerful tools such as CrowdStrike enable risk-based conditional access. CrowdStrike uses proprietary tools to analyze user behavior and authenticates legitimate traffic. The tool integrates with the existing security architecture and syncs with existing tools with minimal friction.

2. Undertake deep network monitoring

Ransomware operators undertake thorough research and launch orchestrated attacks on their targets. Once they breach the network, they immediately exfiltrate data. Conventional deployments, such as perimeter protection, rarely stop these sophisticated attacks. Only real-time, deep network monitoring detects the hackers’ presence.

Falcon identity threat detection tool detects identity-based attacks and anomalies in real-time. The tool offers real-time monitoring of the network traffic, and offers deep visibility without ingestion of log files. Unified visibility into the cloud and on-premise stacks of the enterprise enables complete and comprehensive protection.

The insights: 

  • Identifies shadow administrators, stale accounts, shared credentials, and other attack paths. 
  • Detects abnormal user behavior and account misuse, to protect against insider and lateral threats.
  • Detects anomalies to authenticate traffic.
  • Enable frictionless remote access with step-up multi-factor authentication. 

 

3. Enforce zero-trust security

Effective defense against ransomware requires a zero-trust approach. Enterprises need to verify each asset and transaction before granting network access.

The enterprise may impose various levels of verifications, including:

  • Ensuring the systems requiring access have the latest patches installed
  • Implementing password-less multi-factor authentication (MFA)
  • Deploying unified endpoint management (UEM).

The success of the zero-trust approach depends on network transparency. Unless the enterprise knows about its network endpoints and the connected devices, it cannot apply the zero trust filters.

About 80% of network infiltration occurs due to compromised identities. CloudStrike Falcon identity protection tool deploys advanced AI for identity protection. The tool enforces risk-based conditional access based on behavioral analysis. On detecting behavior changes or risky traffic, it triggers step-up authentication with MFA only if the risk increases or the behavior changes.

4. Deploy advanced AI tools

The scale and complexity of today’s network make conventional tools redundant. AI-based tools powered by Machine Learning algorithms rise to the task. AI-based tools:

  • Identify and block phishing pages and emails in real-time. Cybercriminals need access to the network to siphon off data. They send phishing emails or messages to trick users into revealing credentials.
  • Stop data exfiltration in real-time.
  • Analyze domains and subdomains to distinguish between legitimate and malicious domains.
  • Aggregate and prioritize events based on severity and threats.
  • Spread threat intelligence. Consider an incident of compromise in a cloud instance. The tool passes on such information to other endpoints, enabling prompt countermeasures.

CrowdStrike leverages industry leading threat intelligence and telemetry solutions, such as MITRE ATT&CK, to stop ransomware. CrowdStrike’s OverWatch team deploys sophisticated techniques to relentlessly hunt and stop even the stealthiest of threats. 

Dodging ransomware requires a holistic view, with deep visibility, integrated preventive measures, and proactive counterstrikes. Solutions such as CrowdStrike offers an effective remote access solution for enterprises, cutting across sizes.

Tags:
Email
Twitter
LinkedIn
Skype
XING
Picture of Christopher Khor

Christopher Khor

Christopher provides technology insight as well as advising & coaching services to IT Professionals. He is also an Adjunct Teaching Mentor with SMU Business School. He graduated with an MBA as well as MSc(Computer Science) and has over 30 years of working experience, serving in critical roles such as IT Director and CIO positions. He believes in the power of relationship building and people development through mentoring and coaching organizational success.
Picture of Christopher Khor

Christopher Khor

Christopher provides technology insight as well as advising & coaching services to IT Professionals. He is also an Adjunct Teaching Mentor with SMU Business School. He graduated with an MBA as well as MSc(Computer Science) and has over 30 years of working experience, serving in critical roles such as IT Director and CIO positions. He believes in the power of relationship building and people development through mentoring and coaching organizational success.
Blog or Generic
Ask Chloe
Proofpoint
Tricentis
Proofpoint
Tricentis

Recommended For You

View More
IT Knowledge Zone is the leading source for transformative tech blogs, events, and use cases in the APAC region that provide deep contexts to help business leaders make smart decisions and stay on top of innovative tech solutions.
  • Follow Us On
ITKZ Follow Us On LinkedIn
  • Office Address

9, North Buona Vista Drive, # 02-01
The Metropolis Tower One
Singapore 138588

IT Knowledge Zone is the leading source for transformative tech blogs, events, and use cases in the APAC region that provide deep contexts to help business leaders make smart decisions and stay on top of innovative tech solutions.
  • Office Address

9, North Buona Vista Drive, # 02-01
The Metropolis Tower One
Singapore 138588

  • Follow Us On
ITKZ Follow Us On LinkedIn
2024 © IT Knowledge Zone. | Supported by Pulley Ascent (Asia) Pte. Ltd.
Ask Chloe

Submit your request here, my team and I will be in touch with you shortly.

Share contact info for us to reach you.
Ask Chloe

Submit your request here, my team and I will be in touch with you shortly.

Share contact info for us to reach you.