Ransomware attacks strike without warning and can cripple a company almost instantly, and they afflict organizations regardless of their size, industry, or importance. Ransomware has become an existential threat to literally every office in the world. There has arguably never been a threat that exists on this scale. Most alarming of all: ransomware is getting worse.
RANSOMWARE SHIFTS FROM ONE TARGET TO MANY
The explosion of attacks we saw in 2020 looked a lot like the attacks from years past, at least in their early stages. Back then, attackers would use a phishing attack or exploit a known or unknown vulnerability to gain entry to an IT network. After this initial breach, automatic propagation methods were gradually introduced. Today, however, a single target isn’t enough anymore. The shift is to human-operated ransomware that disregards small networks.
Today’s ransomware attacks move laterally through organizations by hunting for high privilege credentials and exfiltrating information. Their goal is to hit as many machines as possible and maximize the damage. More than just locking up the machines, they’re trying to steal data they can use for various nefarious purposes on top of demanding a ransom. The difference between this form of ransomware and earlier forms is the difference between an attack and an onslaught.
Preventing these lateral movements, not just hoping to detect them, must be a priority for the security team. Otherwise, a single ransomware attack could cut so deeply that it’s impossible to recover.
HUMAN-OPERATED RANSOMWARE ATTACKS PEAK
For all their effectiveness, ransomware attacks are simple. They follow an assigned pathway and fail if they encounter unexpected resistance along the way. With the advent of human-operated ransomware, however, the attacks have gotten much more sophisticated.
Instead of relying on malware to drive the attack, human-operated ransomware has an operator at the wheel, guiding it around resistance, through safety measures, and towards the most valuable target possible. These attacks are more persistent and, not surprisingly, far more effective and destructive.
A preventive strategy built on shifting to a zero-trust framework saves time, money, and your reputation.
SPEAR PHISHING REPLACES MASS PHISHING
Spear phishing campaigns have become the preferred delivery method for ransomware. Adversaries pick an intended target, then customize an email message to sound as believable as possible. This contrasts sharply with regular phishing, which takes a broad-strokes approach of sending bulk emails to massive lists of naive contacts. Unsuspecting users will then click a link or download an attachment that results in malware infection. Spear phishing campaigns are also getting more sophisticated: with domain spoofing techniques, cybercriminals send spear-phishing emails from addresses that look exactly like authorized senders.
This can only mean one thing: more attacks that successfully breach the perimeter. And, as the previous three points emphasize, attacks can deal devastating amounts of damage once inside. Ransomware looks more formidable than ever.
WAY FORWARD TO PROTECT
A cybersecurity strategy built around AV and EDR is doomed to fail. By the time these defenses kick in, it’s already too late. The best advice comes down to this: evolve or die. Prevention is the only defense that works. This means adopting a proactive cybersecurity strategy focused on zero trust, reducing the attack surface, and, of course, moving target defense.