Ransomware: Protecting Against Evolving Attack Trends

Ransomware attack trends continue to evolve, and the current iterations seen during the COVID-19 pandemic are no exception. During this time, malicious actors have attacked healthcare organizations, medical trials, schools, and shipping agencies.

Considering the impact these modern attacks can have on organizations everywhere, no matter the industry, security professionals must always be ready to secure their systems, networks, and software in new ways. And according to a recent FortiGuard Labs global threat landscape report, ransomware remains a prolific threat that increased in 2020 and became even more disruptive.

Ransomware Trends Are Continuing to Change 
Ransomware is an attack methodology that has the potential to cause severe damage. As attacks grow in sophistication, the impact goes beyond just financial losses and the lack of productivity often associated with systems going down. Instead, threat researchers are increasingly seeing encrypted versions of data being posted online – not just held for ransom – along with the threat that if the ransom is not paid, all of the data will be released to the public or sold to a buyer.

As a result, organizations have begun to appear on the Dark Net with a business model centred on negotiating ransoms. And while systems like this may sound like an easy fix, they can actually have long-term negative effects, including the normalization of criminal behaviour.

Further, as IT and OT systems converge, ransomware attacks have begun to target new data and technology types. Field devices and sensors have become new targets, resulting in malicious actors shifting their focus from corporate networks to the OT edge. In turn, power grids, transportation management infrastructures, medical systems, and other critical resources are being threatened more than ever before. And this shift impacts more than sensitive information. At the OT edge, these Industrial Internet of Things (IIoT) devices are also responsible for people’s physical safety, demonstrating the severity of attacks on these networks.

A Tough Decision to Make
When impacted by a ransomware attack, some organizations may find it easier to pay than have their IT team spend days trying to recover data, all while business operations remain at a standstill. But this is not always the case. To remind organizations of this fact, the U.S. Treasury recently warned that facilitating the payment of ransoms on behalf of cyber victims could result in legal consequences, as it sets a bad precedent for other cybercriminals. It should also be noted that paying a ransom does not guarantee that the threat will go away instantly. In some cases, the information that organizations worked so hard to protect had already been exposed and can cause additional long-term problems.

Mature Cyber Hygiene is Key
Attackers know that end-users are high-target, high-value assets. Ransomware leverages social engineering attacks, preying on fears as a way to execute malicious code on devices. With this in mind, cyber hygiene must start as a board-level conversation.

A top-down approach to creating a strong ransomware mitigation strategy includes:

  • Continuously keeping employees updated on new social engineering attack methodologies so they know what to look out for.
  • Establishing a zero-trust access (ZTA) strategy that includes segmentation and micro-segmentation.
  • Regularly backing up data, storing it offline and off-network to ensure rapid recovery.
  • Encrypting all data inside the network to prevent exposure.
  • Regularly practising response strategies to ensure all responsible parties know what to do in case of an attack, thereby reducing downtime.
  • Getting serious about cybersecurity training and awareness for employees as well as family and students. The home is the new branch today and a vector into the core network.

Prioritizing Collaboration to Stay Ahead of Threats
Another key factor in developing a strong security posture is working with all internal and external stakeholders, including law enforcement. More data ensures more effective responses. Because of this, cybersecurity professionals must openly partner with global or regional law enforcement, like US-CERT. Sharing intelligence with law enforcement and other global security organizations is the only way to effectively take down cybercrime groups, as defeating a single ransomware incident at one organization fails to reduce the overall impact within an industry or peer group.

Cybercriminals have been known to target multiple companies, verticals, systems, networks, and software. In order to make attacks more difficult and resource-intensive for cybercriminals, public and private entities must collaborate by sharing threat information and attack data. Private-public partnerships also help victims recover their encrypted data, ultimately reducing the risks and costs associated with the attack.

When private and public entities work together, they also expand visibility. For example, a bank may suffer a ransomware attack but fail to share information responsibly with law enforcement. Law enforcement working with a credit card company also impacted by the same cybercrime group needs that information to understand the criminal organization’s full scope. Cybercrime lacks borders. Actionable threat intelligence with global visibility helps both the private and public sectors shift from taking a reactive approach to being proactive.

Create Defensive Playbooks
Similarly, by developing and sharing playbooks, which offer a detailed view of cyber criminals’ “fingerprints,” organizations can enhance their response activities. Detailing how known cybercriminal groups work only enables defenders to become stronger and more strategic. Blue Team (defensive) playbooks provide defenders with winning strategies against present and future cyberattacks.

And when playbooks are paired with Artificial Intelligence (AI), security teams can leverage them to build an advanced, proactive protection framework, enabling them to respond to new threats in real-time. AI also gives them the tools necessary to evolve their methodologies at the same rate as cybercriminals so that they can create more refined and granular responses earlier in the attack cycle.

Knowledge Equals Power and Protection Against Ransomware Attack Trends
Cybercriminals will continue to cause chaos with ransomware attacks. Modern ransomware places data and lives at risk, meaning organizations must take a more proactive approach to secure their environments. From a technical standpoint, cyber hygiene, zero-trust policies, network segmentation, and encryption offer protections.

Further, these strategies work best when organizations leverage asset visibility tools to identify their critical assets – once they know where the data resides, they can create a proactive protection strategy. Finally, the human element remains as important as technology. Building relationships with law enforcement to share information and threat intelligence is the final piece of the ransomware puzzle. The only way to defeat cybercriminals is to work together against them.

For more information, visit www.fortinet.com