Ransomware gangs are evolving their techniques. They are going beyond phishing emails with ransomware in links and files and have adopted newer ways to attack businesses and cause damage.
Steal And Encrypt
The general goal of ransomware is to hold your data hostage until you pay a sum of money, typically in the form of bitcoin, so that it is more difficult to trace. However, over the past several years, law enforcement, the US Government, and cybersecurity professionals across the globe have advocated against paying the ransom, as it doesn’t guarantee you’ll get your data back, and it fuels the cycle of more ransomware attacks. Cyber gangs have caught on, and decided to change things up a bit.
Newer ransomware attacks both steal and encrypt your data, making the ransom that much more enticing to pay. Why? Because your data can easily be sold to the highest bidder, leaving you high and dry. And, because many organizations have procedures to back up their data, cyber criminals needed a bit more leverage to get their payout. This is where the steal and encrypt idea comes into play.
In the past, the ransom has been about the encryption. However, the threat of data being encrypted is less scary when organizations back up their information. But the threat of selling your data? Well, that doesn’t go away even when you utilize your backups. Thus, these cyber gangs are making money off organizations via the “steal” component of their scheme. Organizations are paying to not have their data leaked online and are also going through the process of restoring their data on their own.
But, this new approach to ransomware doesn’t need to leave you in a state of panic. Rather, stick to using a few basic approaches to block the efforts of these cyber gangs:
- Ensure you create and deploy a strong patching strategy to help alleviate vulnerabilities.
- Apply the latest security updates as soon as they are released.
- Continue to provide training to employees on phishing emails, and their on-going threat.
- Implement two-factor authentication across your organization.
- Deploy EDR (Endpoint Detection & Response) antivirus software.
- Regularly update your backed-up data and do recurring test restorations.
Distributed Denial of Service
This Distributed Denial of Service (DDoS) approach leverages the steal and encrypt idea, with a bit of a twist. A DDoS attack is a coordinated, ongoing attack on your website that eventually causes it to crash.
This coordinated attack comes from a large number of internet-connected devices that have become infected without their owners knowing. When they are linked together into a network, they can unleash a bit of fury on your website, over and over. How did they become infected? Well, they likely did not have the latest security updates and patches installed, or they were not properly configured.
And, once this attack is launched on your website, ransomware gangs are demanding payment for the “keys” to decrypt your scrambled website and data, or their attacks will continue. And, they are stealing the data too, which means your back-ups, while important, may not be useful in this scenario.
Since the attack, in this case, is denial of service, organizations need to focus on DDoS protection:
- Add DDoS protection services to your cybersecurity plan. This service can detect abnormal traffic flows, which is the name of the game with this type of attack, and redirect traffic away from your network.
- Up your game when it comes to cybersecurity and all of your internet-connected devices. Ensure all devices are patched, have all the necessary security updates in place, and are configured properly.
- Install EDR (Endpoint Detection & Response) antivirus software.
- Configure your firewall to restrict traffic coming into and leaving your infrastructure.
- Ensure all internet connected devices within your organization follow appropriate security measures.
Yes, the thought of a ransomware attack is scary, but with the proper precautions in place, along with a strong plan, you can mitigate some of that risk. And, mitigation can provide both a sense of calm, and the wherewithal to react appropriately, if an attack happens.
Need Help with Your Cybersecurity Strategy?
If you need assistance in optimizing your cybersecurity strategies, you should contact us to speak to a cybersecurity specialist. Intivix is a proven leader in providing IT Consulting in the Bay Area. Contact us at (415)-549-9681 or send us an email at [email protected] today, and we can help you with any of your questions or needs.