Cyber security company TrueFort has released a new guide to defend yourself and your organisation against the growing threat of ransomware.
Undoubtedly, ransomware is one of the most pressing security issues of the 2020s, from the recent Colonial Pipeline hack in the US to the March attack against Nine Entertainment. No industry and no country remains off limits to ransomware attacks.
“Ransomware poses a threat to you and your device, but what makes this form of malware so special? The word 'ransom' tells you everything you need to know about this pest. Ransomware is extortion software that can lock your computer and then demand a ransom for its release,” Kaspersky explains.
“In most cases, ransomware infection occurs as follows. The malware first gains access to the device. Depending on the type of ransomware, either the entire operating system or individual files are encrypted. A ransom is then demanded from the victim. If you want to minimise the risk of a ransomware attack, you should rely on high-quality ransomware protection software.”
Ransomware attacks have been all over the news recently, with incidents skyrocketing over the last year. The Australian Cyber Security Centre (ACSC) revealed that ransomware attacks have increased by 60 per cent over the last year. Meanwhile, according to TrueFort and Cybersecurity Ventures, the sums paid in ransoms to unlock data are thought to have increased from $11.5 billion in 2019 to an estimated $20 billion in 2021.
“Attackers gain initial access to a company's network via a remote desktop protocol (RDP) or phishing attack, and distribute malware like Dridex and Trickbot,” TrueFort explained.
“They steal user credentials with tools such as Mimikatz and Lazagne.
“Next they use PowerShell Empire and Cobalt Strike to perform reconnaissance and move laterally across the environment.
“Finally they use privilege escalation via Domain Administrator access to install ransomware software.”
TrueFort explained that because the rate of intrusions continues to increase, business as usual is insufficient. Instead, it recommends establishing a baseline of normal system operation against which ongoing execution can be measured, so that any deviation from that baseline is detected.
“By monitoring the run-time execution of applications based on processes, identities, and network connections, organisations can establish a baseline for expected behaviours and detect anomalies indicative of ransomware or other attacks,” it recommended.
“In addition, organisations require alerting capabilities to be notified of anomalous events and initiate automated responses such as blocking connections, killing processes, and terminating sessions. Forensics down to process execution trees should accompany alerting to provide indicator of compromise data to help incident response teams reduce identification and containment times.”
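The approach TrueFort describes (learn a baseline of process, identity and network behaviour, flag deviations, attach a process execution tree for responders, and map findings to automated responses) can be sketched in a few dozen lines. The following is an added illustration written for this article, not TrueFort's own tooling: the telemetry format, field names, host names, addresses and the three "axes" of comparison are all assumptions, and the log rows are constructed for the example.

```python
"""Baseline-and-anomaly detection over constructed process telemetry.

Added example (not TrueFort's code). The Event schema and all rows below are
constructed for illustration; real EDR/telemetry formats will differ.
"""
from collections import namedtuple

# Hypothetical telemetry record: one row per process start, with an optional
# outbound connection ("ip:port"). Field names are an assumption.
Event = namedtuple("Event", "ts host pid ppid image user dest")

# Constructed "learning window": what the workstation normally does.
BASELINE_EVENTS = [
    Event("09:00:01", "ws01", 100, 1, "explorer.exe", "alice", None),
    Event("09:00:05", "ws01", 210, 100, "outlook.exe", "alice", "10.0.0.5:443"),
    Event("09:01:10", "ws01", 220, 100, "winword.exe", "alice", None),
    Event("09:02:00", "ws01", 230, 100, "chrome.exe", "alice", "93.184.216.34:443"),
    Event("09:03:00", "ws01", 240, 100, "chrome.exe", "alice", "151.101.1.69:443"),
]

# Constructed "monitoring window": mostly normal, plus an execution chain
# that is outside the baseline on every axis (spawn, identity, network).
LIVE_EVENTS = [
    Event("10:00:01", "ws01", 300, 100, "outlook.exe", "alice", "10.0.0.5:443"),
    Event("10:05:00", "ws01", 310, 100, "winword.exe", "alice", None),
    Event("10:05:07", "ws01", 320, 310, "powershell.exe", "alice", None),
    Event("10:05:09", "ws01", 330, 320, "rundll32.exe", "SYSTEM", "198.51.100.7:8443"),
]


def build_baseline(events):
    """Learn sets of expected (parent, child), (image, user) and (image, port)."""
    image_of = {e.pid: e.image for e in events}
    baseline = {"spawn": set(), "identity": set(), "network": set()}
    for e in events:
        parent = image_of.get(e.ppid, "<unknown>")
        baseline["spawn"].add((parent, e.image))
        baseline["identity"].add((e.image, e.user))
        if e.dest:
            baseline["network"].add((e.image, e.dest.rsplit(":", 1)[1]))
    return baseline


def process_tree(table, pid):
    """Walk ppid links upward so responders see the full execution chain."""
    chain, seen = [], set()
    while pid in table and pid not in seen:
        seen.add(pid)
        e = table[pid]
        chain.append(f"{e.image}[{e.pid}]")
        pid = e.ppid
    return " <- ".join(chain)


def suggest_response(event, reasons):
    """Map each kind of deviation to the automated responses the guide names."""
    actions = ["alert"]
    if any(r.startswith("unexpected connection") for r in reasons):
        actions.append(f"block connection to {event.dest}")
    if any(r.startswith("unexpected spawn") for r in reasons):
        actions.append(f"kill process {event.pid}")
    if any(r.startswith("unexpected identity") for r in reasons):
        actions.append(f"terminate session for {event.user}")
    return actions


def detect_anomalies(baseline, live_events, known=()):
    """Compare each live event to the baseline; return findings with context."""
    # Process table spans the learning window too, so parents that started
    # earlier (e.g. explorer.exe) can still be resolved.
    table = {e.pid: e for e in list(known) + list(live_events)}
    findings = []
    for e in live_events:
        parent = table[e.ppid].image if e.ppid in table else "<unknown>"
        reasons = []
        if (parent, e.image) not in baseline["spawn"]:
            reasons.append(f"unexpected spawn {parent} -> {e.image}")
        if (e.image, e.user) not in baseline["identity"]:
            reasons.append(f"unexpected identity {e.user} running {e.image}")
        if e.dest and (e.image, e.dest.rsplit(":", 1)[1]) not in baseline["network"]:
            reasons.append(f"unexpected connection {e.image} -> {e.dest}")
        if reasons:
            findings.append({
                "event": e,
                "reasons": reasons,
                "tree": process_tree(table, e.pid),
                "response": suggest_response(e, reasons),
            })
    return findings


if __name__ == "__main__":
    base = build_baseline(BASELINE_EVENTS)
    for f in detect_anomalies(base, LIVE_EVENTS, known=BASELINE_EVENTS):
        print(f"{f['event'].ts} {f['event'].host}: {'; '.join(f['reasons'])}")
        print(f"  tree: {f['tree']}")
        print(f"  response: {', '.join(f['response'])}")
```

The two normal live events (Outlook and Word launched from Explorer by the usual user) match the baseline on every axis and produce nothing; the Word-to-PowerShell-to-rundll32 chain is flagged at each step, and the finding carries the full tree back to explorer.exe plus the block/kill/terminate actions keyed to the specific deviation. In a real deployment the baseline would be learned over a much longer window and scoped per host or application tier, since a too-short window produces exactly the alert noise that makes teams turn detection off.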
With a growing number of groups targeting upstream providers, ransomware is a problem that can impact any individual or any business.