To protect against phishing attacks, the most frequent attack vector for ransomware, enterprises need to adopt solutions like Email Gateway Security and a sandbox solution at the network layer
This is an exclusive article by Srinivas Yadav Karri CISO- KFin Technologies Limited and edited by Dr Suresh .V. Menon
A type of virus known as ransomware encrypts files on infected computers and withholds the key to unlock the files until the victim pays a ransom. Over the past three years, ransomware has grown incredibly quickly and has transformed into a very profitable business model. Ransomware is being used by sophisticated advanced persistent threats to increase their earnings through a variety of monetization techniques. With often-released updates and constantly changing tactics and strategies, detection is becoming more difficult.
In a society where everything is digitally saved, information may be accessed 24 hours a day, 7 days a week, over the internet, and at a lower cost. With just one click, everything is completed effortlessly and efficiently. Digitalization has improved computer users’ quality of life. If used as a whole, digitization has reduced crime by making tasks easier to do and by reducing paperwork. However, it still poses a security issue for a person’s private and confidential information. Numerous thefts or cyberattacks, such as Trojans, phishing, intrusions, spam, and viruses, happen. Theft also includes ransomware. It is a type of illness that, once spread, is challenging to cure. It corrupts all crucial files and data on the user’s computer system. When ransomware is triggered on a ransom, only then will you be able to access the files. It becomes more challenging to identify files or data that have been compromised. There are only two options left for the user at that point: either pay the ransom, which does not ensure that we will receive our file back (in an unencrypted format), or format the computer and turn off the Internet. In the example of a ransom attack below, a user’s computer has been locked, and he is paying a ransom to get access to his data. The 2017 WannaCry ransomware assault was the worst one to date. WannaCry Ransomware is an example of malicious software that prevents users from accessing files or systems and holds them, hostage, by encrypting them or entire devices until the victim pays a ransom in exchange for a decryption key that enables them to access the encrypted files or systems. It could be challenging to picture. 1989—27 years ago—saw the emergence of the first ransomware. Although it was known as the AIDS Trojan, it appears outdated today. Floppy discs were used to propagate it, and the ransom was paid by shipping $189 to a Panamanian post office box. There are numerous different varieties of ransomware, including WannaCry, Crypto Wall, Crypto Tear, Fusob, and Reveton. More than 200,000 people were victims of the ransomware WannaCry, which attacked several hospitals, businesses, academic institutions, and government agencies across at least 150 campuses. All machines were locked, and a ransom was requested.
In the last five years, ransomware assaults have become one of the most common cyberattacks hitting enterprises all over the world. According to the Verizon Data Breach Investigation Report (DBIR) 2021, 37% of international firms reported being the target of ransomware. By the middle of 2021, there has been a 151% annual rise in ransomware assaults. The first ransomware strain to rewrite the master boot record and encrypt the master file table was Petya, which initially appeared in 2016. These ransomware methods soon locked victims out of their whole hard disc . In June 2017, Ukraine became the target of a significant cyberattack using a new Petya variant known as NotPetya. NotPetya quickly spread and affected businesses all over the world. A sophisticated ransomware variant known as Ryuk was released in 2018 and quickly rose to prominence as one of the most effective ransomware campaigns ever. Attacks by Ryuk were specifically targeted, and the typical ransom amounts are 15 to 50 bitcoins, or roughly $100,000 to $500,000. When REvil, also known as Sodinokibi, initially arrived in April 2019, he was incredibly successful right away. In 2019, researchers identified the Maze ransomware variant, which introduced the double extortion strategy of data exfiltration before ransomware deployment. The Egregor RaaS double extortion variation first appeared soon after Maze split up in 2020. A Conti and Darkside that caused significant global cyber incidents first appeared in 2020. In 2021, LockBit 2.0, a new version of Lockbit with enhanced features, debuted. The most recent version of LockBit 3.0, which was found in June 2022 now contains a Big Bounty Program (BBP) in its toolbox. A well- known ransomware organization called Conti was defeated in 2022, and new organizations like Black Basta, Hive, and Quantum came into being and currently dominate the ransomware threat environment.
All distribution channels must be covered by controls, and as part of defense-in-depth strategies, controls must be deployed at various levels.
To protect against phishing attacks, the most frequent attack vector for ransomware, enterprises need to adopt solutions like Email Gateway Security and a sandbox solution at the network layer. Web application firewalls (WAFs) are effective in blocking initial access from exploits that aim to compromise apps with a public interface. Communication with command-and-control servers can be stopped using intrusion prevention systems (IPS) and content filtering tools. As a form of extortion, the majority of sophisticated ransomware campaigns also exfiltrate data. Solutions for data loss prevention (DLP) are a crucial safeguard against data leaking.
Organizations need to adopt endpoint detection and response (EDR) or Extended detection and response (XDR) solutions at the endpoint layer in addition to an anti-virus (AV) solution to identify harmful activities such as the creation of a malicious process.
Additionally, businesses need to have a strong vulnerability management strategy that focuses on securing the network’s workstations and servers. Attackers use exploit kits to take advantage of a weakness in systems and technology. As an illustration, the Rig exploit kit that targets some of the Adobe flash vulnerabilities regularly distributes the Locky ransomware. Therefore, having completely patched and current systems and applications is essential.
The majority of ransomware dissemination techniques call for user engagement. Therefore, businesses must develop a thorough security awareness program for their staff and educate them on how hackers utilize social engineering to deceive users.
One of the most common cybercrimes that threat actors use to increase their revenues is ransomware. Ransomware has also been used by nation state actors to further their geopolitical objectives. Resilience and backups are no longer sufficient for stopping such attacks for organizations. Threat actors have developed their strategies and now use several extortion techniques to blackmail victims. Organizations must use a multifaceted approach to stop, protect against, and counteract such persistent attacks. Businesses must make significant investments in creating a cyber fusion strategy that emphasizes fostering cooperation and unity among multiple cyber defense teams. To comprehend the campaigns of interest, cyber threat intelligence exchange with ISACs, and law enforcement organizations is crucial. Adopting a Zero Trust Approach when designing the network is also advised.
CIO News, a proprietary of Mercadeo, produces award-winning content and resources for IT leaders across any industry through print articles and recorded video interviews on topics in the technology sector such as Digital Transformation, Artificial Intelligence (AI), Machine Learning (ML), Cloud, Robotics, Cyber-security, Data, Analytics, SOC, SASE, among other technology topics