
Responding To the Ransomware Pandemic

By Tom McVey, Menlo Security Solution Architect

Last year, Kaseya became the victim of the largest ransomware attack in history when the Russian-linked hacker group REvil broke into the American software company's systems and gained access to the downstream systems of some 1 million other companies. The ransom they demanded was a whopping $70 million.

We saw a similar story in May 2021. Ireland's health service and the insurance company AXA were both hit by ransomware; the former was forced to shut down its systems to protect itself, causing massive disruption and straining the country's health care services. In the same month, a ransomware attack at the University of Northampton in the UK brought down its entire network, severely impacting student learning.

It is no coincidence that so many significant attacks took place in such a short time. According to Bitdefender's Mid-Year Threat Landscape Report 2020, ransomware attacks increased 700% in that year.

Much of this surge can be attributed to the changes brought about by the pandemic. The shift to remote working made necessary by enforced lockdowns pushed many organizations to move from a physical to a digital approach almost overnight.

Critical IT infrastructure had to be adapted. As a result, the digital landscape has expanded significantly, exposing security vulnerabilities that cybercriminals have exploited on a large scale. Attacks are growing in number, but what is even more surprising is that they are also becoming more sophisticated.

Technology has come a long way in recent years, and many of these advances have been put to good use. Cybercriminals, however, can use personal information collected through social engineering to create very legitimate-looking campaigns, such as credential phishing.

It is now easier than ever for attackers to get targeted users to click a link in an email that appears to be from a colleague, trusted person or brand. One click is enough to launch an attack.

It's not just email. Ransomware is also delivered through the digital advertising and content modules of news sites, making URL filtering with whitelists and blacklists insufficient to prevent many ransomware attacks.

Extortion attacks

In addition to these complex phishing techniques, a new category of ransomware attacks is emerging: double extortion attacks. This is the case when ransomware is embedded with an incident response tool baked directly into the malware. At the same time, tactics such as disabling or bypassing security tools, distributed denial of service (DDoS) attacks, and log destruction are on the rise. This is one of the main reasons why more than two-thirds of breaches go undetected for months.

The severity of the problem is reflected in a 2021 Menlo Security survey, in which more than two-thirds of people said cybercriminals should face jail time. Meanwhile, 60% believe that ransomware attacks should be taken as seriously as terrorist attacks.

While harsher penalties may deter some threat actors, ransomware attacks are very likely to continue to grow and organizations must be proactive to protect their critical assets.

So, what can you do to overcome the challenge? Isolation and Zero Trust: a security-focused combination that can be used to stop ransomware in its tracks.

Isolation technology is designed to protect users as they browse the web. It works by creating a virtual air gap between the Internet and corporate networks. All email and web traffic goes through an isolation layer where the content is still visible but never actually downloaded to the endpoint.

It doesn’t affect the user experience. Rather, it eliminates the risk of malware exploiting vulnerabilities in endpoints.

Zero Trust strengthens this to block both known and unknown potentially malicious activity. It assumes all web content is harmful and prevents websites from running code on the user's device. This is a way to protect users from untrusted actors without compromising their ability to do their job.

This combination prevents attackers from gaining an initial foothold in the network, and the ransomware has no path to reach the target endpoint.

About the author

Tom McVey is a solution architect for the EMEA region at Menlo Security, a leader in cloud security. He works with clients to meet their technical requirements and designs web and email isolation deployments for organizations in a variety of industries. With a diverse cyber background, Tom provides clients with expert cyber security advice and strategic guidance. Tom previously worked at LogRhythm and Varonis.
