Ransomware Is Bad and Getting Worse
Changes for Ransomware In 2022
Roger Grimes, a ransomware expert at KnowBe4, cautions anyone who thinks the ongoing ransomware plague is bad that it is about to get much, much worse.
“The cybersecurity industry is not yet capable of implementing a robust defense to even slow the continued increase in cybercrime, much less actually lessen it,” he said.
He noted that ransomware gangs had graduated beyond mere ransom collection. Yes, they still rake in billions. But they are also stealing intellectual property, corporate data, and credentials. In addition, they use the data to threaten the victim’s employees and customers, publicly shame organizations, and use their insider information to conduct spear phishing.
In other words, these new tactics mean that backup won’t protect the victims. Yes, a backup may help a company avoid paying the ransom. But the cybercriminals can still leverage all these other avenues to cause real problems – and ultimately force payment.
According to Coveware, 81% of ransomware gangs threaten to leak exfiltrated data. As a result, more than 60% of victims now pay the ransom. The average ransomware payment is up to $280,000 and rising steadily, along with cyber insurance premiums.
And Grimes predicts things will worsen once again. He said the bad guys are maximizing revenue potential by selling stolen data, credentials, access, and money, and by going after individuals within companies as well as organizations as a whole. They have evolved hacking-for-hire schemes, they offer product lists for sale, and in general they are acting like a high-end marketing department in exploring and developing innovative new sales channels.
Anyone suffering a ransomware attack, therefore, had better do a thorough forensic examination to see how the attack began, where it spread to laterally, any backdoors introduced, credentials hacked, and more. A vulnerability scan should of course be done to determine any remaining vulnerabilities, and all of them need to be fixed.
Combined Ransomware Attacks
Two-pronged attacks are becoming a common tactic among cybercriminals. They might quietly do some crypto mining on a site and then launch ransomware. Or they can make a ransom demand and at the same time attack the victim’s website and take down current revenue channels. The resulting financial stress makes it easier to extort the money.
As we move forward, further automation and streamlining of attacks is likely to be observed. For example, a successful incursion using a bot may result in the automatic installation of a malicious program, collection of some passwords, and a scan of the environment to gather key details. At that point, the attack is escalated to senior hackers who research the potential in the environment and determine the most lucrative strategy to exploit. This is similar to how IT is operating today, and how IT is evolving: routine and labor-intensive actions are automated, and alerts and exceptions are passed on to IT personnel to decide what to do.
Just as automation has become the go-to tool for hackers and is being introduced into more and more areas of IT operations and maintenance, it is automation that can help fight the battle against rampant ransomware.
How Syxsense Can Help
Syxsense has automated the entire process of patch management.
- It automates testing of patches yet gets them deployed within three hours of receipt.
- It automates patch deployment so the right patches make it to every endpoint.
- It automates patch rollback in case of any issues or incompatibilities.
- It automates the prioritization and sequencing of patches so those that represent the biggest threat are sent out first.
Syxsense also automates vulnerability scanning so that scans are done regularly to determine potential issues such as missing patches, open ports, and other vulnerabilities.