ransomware Archives - Cyber Secure Forum | Forum Events Ltd


The fastest growing threat

Guest Post

By Atech

Did you hear about the hackers who got away from the scene of the crime? They just ransomware.

There are countless evolved versions of this joke out there. Just as the jokes are evolving, ransomware attacks are evolving, too, and they are not funny. The true cost of an attack consists of the cost of the forensic investigation, any downtime suffered, and on top of that any sum the business agrees to pay the threat actors. The damage can have a lasting impact on the business.

According to the UK National Cyber Security Centre, there were three times as many ransomware attacks in the first quarter of 2021 as there were in the whole of 2019. And research by PwC suggests that 61% of technology executives expect this to increase in 2022. Once again, we can largely blame this on the pandemic, and the growth in the amount of activity carried out online and in digital environments.

Ransomware typically involves infecting devices with malware that locks files away behind strong encryption that cannot practically be broken, and threatens to destroy them unless a ransom is paid, usually in the form of hard-to-trace cryptocurrency. Alternatively, the operators may threaten to publish the data publicly, leaving the organization liable to enormous fines.

Ransomware is typically deployed through phishing attacks – where employees of an organization are tricked into providing details or clicking a link that downloads the ransomware or other malware onto a computer. However, more recently, direct infection via USB devices by people who have physical access to machines is becoming increasingly common. Worryingly, there has been an increase in these types of attacks targeting critical infrastructure, including one at a water treatment facility that briefly managed to alter the chemical operations of the facility in a way that could endanger lives. Other ransomware attacks have targeted gas pipelines and hospitals.

Education is the most effective method of tackling this threat, so read on to find out what you can do to fight this threat more effectively than ever before.

ContiLeaks: Ransomware gang suffers data breach

Guest Post

By Varonis

Conti, one of the most infamous, prolific and successful big game ransomware threats, has suffered yet another embarrassing leak with a treasure trove of both internal chat transcripts and source code being shared by a reported Ukrainian member.

Having previously had their internal manuals and tools exposed by a disgruntled affiliate in August 2021, these latest leaks appear to be in response to the group “officially announcing a full support of Russian government” [sic] and that they would respond to any attack, cyber or otherwise, against Russia with “all possible resources to strike back at the critical infrastructures of an enemy”.

Given that members of the group may themselves be Ukrainian or have close ties to the country, this warning likely inflamed tempers, leading both to the warning being updated and to these subsequent leaks.

Much as the previous leak allowed their toolsets to be analyzed and revealed common indicators of compromise (IOCs), analysis of these recent data leaks and chat logs provides insights into how Conti, and likely other similar ransomware groups, coordinate and conduct their operations.

The outcome of these leaks remains to be seen; Conti and its members may be forced to disband or, as is often the case with ransomware groups, lay low for a period before rebranding and relaunching their operation.

Click here to finish reading the full blog post or visit the Varonis website here.

Backup is dead: True Cyber Protection is the way ahead

Guest Post

By Adam Brace, EveryCloud

So, is backup really dead? In the traditional sense we would say yes, as cyber criminals have developed and deployed techniques that mean backing up alone is not enough to provide true data protection. Now (and especially in the future), to be fully protected, organisations need to ensure their data is recoverable, accessible, private, authentic and secure.

Cyber-attacks, and especially ransomware attacks, are rampant within businesses across several industries and show no sign of slowing down. These attacks are increasing not only in frequency but also in complexity, and businesses are not adequately protecting themselves against them.

Over $20 billion was paid out last year due to ransomware alone, with the average payment in the region of $570k. Over 500,000 new viruses are released every week, so recoverability must be a critical component of any business continuity plan going forward.

Everybody is at risk. Cyber-attacks have become highly automated and happen at an industrial scale. Many of these attacks are now managed by Artificial Intelligence (AI). Because they are cheap to deploy, any business is at risk. We are finding, however, that those most at risk tend to be small to medium-sized businesses as well as consumers. This is mainly because those businesses do not have the budgets to deal with the attacks.

Another reason these attacks are successful is a lack of knowledge in how to put adequate prevention in place.

73% of Ransomware attacks could have been avoided by patching.

Having the right tools in place to automate patch management can drastically reduce this exposure.

We are finding that, right now, businesses want technology that can simplify their backup management while ensuring disaster recoverability. They want to be proactive in their defence against the ever-increasing threat of ransomware attacks and are eager to put the correct tools for their needs in place.

Partnering with Acronis, we help businesses improve security and avoid downtime, whilst eliminating complexity and reducing cost. We help you modernise your cybersecurity and backup with a complete integrated solution.

Find out more here: https://hubs.li/Q014mzVv0

Ransomware Year in Review 2021

Guest Post

By Varonis

In 2021, attacks became highly effective and impactful. At the same time, high-volume indiscriminate ransomware threats remained omnipresent throughout the year.

In this post, the Varonis Threat Labs team shares what they observed in the wild while working on ransomware investigations.

Overall, the team identified these five ransomware trends that shaped 2021:

  1. Ransomware-as-a-Service became the go-to model for attackers. 2021 saw a shift toward the Ransomware-as-a-Service (RaaS) business model, where groups recruit affiliates or partners to conduct specific parts of their operation.
  2. Attackers crafted bespoke ransomware. In 2021, threat actors bullied targeted organizations with victim-specific ransomware designed to avoid detection and ensure the efficacy of the attack within the victim’s environment.
  3. Attackers went “big game hunting.” Sophisticated ‘big game hunter’ ransomware groups, both old and new, honed their ability to access victims’ networks worldwide. Cybercriminal groups adopted the now widespread ‘double extortion’ tactic to steal—and threaten to leak—sensitive data.
  4. Ransomware sent shockwaves through the software supply chain. Numerous high-profile incidents targeting high-worth organizations via software supply chains during 2021 demonstrate the impact that ransomware can have on an organization—and, in some cases, led to ‘real-world’ outcomes sending shockwaves across the broader economy.
  5. Attackers bought and sold off-the-shelf commodity malware. Commodity malware continued to be widely adopted by threat actors of varying sophistication—from organized cybercriminal gangs delivering payloads to gain initial access to high-value targets to script kiddies using simple off-the-shelf threats to steal credentials for resale on the dark web.

Click here to read the full blog post to delve into each of the five ransomware trends or you can visit the Varonis website here.

The rise of Ransomware-as-a-Service and how organisations can protect themselves 

Guest Post

By Keith Glancey, Head of Solutions Architect at Infoblox

Over the years, ransomware has become an increasingly popular attack method for hackers looking to make a large return on investment. The COVID-19 pandemic only accelerated this problem further, opening up new opportunities for cybercriminals to cause disruption and find vulnerabilities.

As businesses continue to struggle with securing the new remote and hybrid working landscape, cybercriminals will continue to use it to their advantage. In fact, today it is estimated that there is at least one ransomware attack on a business every 11 seconds. These attacks are not just frequent. They are also damaging, with recent research discovering that the average ransomware recovery costs for businesses have more than doubled in the past year, rising from $761,106 in 2020 to $1.85 million in 2021. And that’s without the long-term reputational damage.

Whilst tried and tested ransomware distribution tactics – such as malicious websites, email campaigns and even USB memory sticks – are still very much in use, over the last year or so other, newer methods have also increased in popularity. One such method – which is quickly becoming the number one headache for security teams and business leaders – is Ransomware-as-a-Service (RaaS).

A new era in ransomware

RaaS is changing the game. A subscription-based model that enables users to use pre-developed ransomware tools to execute attacks, RaaS gives everyone the power to become a hacker. There’s no technical knowledge required; all individuals need to do is sign up for the service.

RaaS platforms are closely modelled after legitimate SaaS products. They include support, community forums, documentation, updates, and more. Some even offer supporting marketing literature and user testimonials. Users can choose to sign up for a one-time fee or for a monthly subscription. There are also paid add-on features, such as a status view of active infections, the number of files encrypted, and payment information.

Although deploying this new type of ransomware requires no specific skills, it still enables threat actors to develop highly targeted attacks on large organisations, where they can ask for large ransoms. In these highly targeted cases, threat actors use carefully researched social-engineering tactics, such as well-crafted emails to entice targets to click dangerous URLs or open malicious attachments. In other cases, threat actors may target a vulnerability that is particular to or commonly used by their target victim group.

It’s no surprise that RaaS is becoming so popular. In fact, research discovered that almost two-thirds of ransomware attacks in 2020 used RaaS tools. It has also been behind some of the most notorious attacks this year, including those on the Colonial Pipeline and JBS. The size and sophistication of these attacks should concern all cybersecurity professionals, and their successes highlight how the RaaS market is only likely to grow moving forward.

Future proofing with DNS

When it comes to ransomware, failing to prepare really is preparing to fail. More often than not, attacks are successful when victims do not have an effective strategy in place. Therefore, businesses need to expect attempted ransomware attacks and prepare accordingly.

Getting detection and prevention right can help businesses to gain the upper hand. This is where Domain Name System (DNS) tracking comes in. DNS is a core network service, which means that it touches every device that connects to a company’s network and the wider internet. What’s more, some 90% of malware, including ransomware, touches DNS when entering and exiting the network, making it a powerful tool in the cyberdefense toolkit. When applied to security, DNS can help protect against ransomware attacks by detecting and blocking communication with known C&C servers that distribute malware, helping to stop an attack before it even starts.

To take DNS-based security to the next level, businesses can combine DNS with DHCP (Dynamic Host Configuration Protocol) and IPAM (IP Address Management). This combination of technologies – known as DDI – can pinpoint threats at the earliest stages and, paired with DNS security, can identify compromised machines and correlate disparate events related to the same device.
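One way to implement the DNS-layer check described above and tie each hit back to a device through DHCP lease data is sketched here as an added example in Python; it is not Infoblox's product or code. The C&C blocklist entries, the BIND-style query-log lines and the DHCP lease table are all constructed for the example (the `.invalid` and `.test` names are reserved and never resolve); a real deployment would feed a threat-intelligence list or RPZ zone, plus the resolver's own query log and the DHCP server's lease database, into the same logic:

```python
"""DNS-layer C&C detection correlated with DHCP leases (DDI-style).

Added example: constructed BIND-style query-log lines and a constructed DHCP
lease table are checked against a placeholder C&C blocklist, and each hit is
tied back to the device (MAC, hostname) that held the IP at query time.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime

# Placeholder blocklist of known C&C domains (constructed, not real indicators).
# In production this would come from a threat-intel feed or a DNS RPZ zone.
C2_BLOCKLIST = {"c2-example.invalid", "payload-drop.test"}

# Constructed BIND query-log lines: timestamp, client IP, queried name, record type.
SAMPLE_DNS_LOG = """\
01-Mar-2022 02:14:07.101 client 10.0.5.23#51234: query: www.example.com IN A + (10.0.0.2)
01-Mar-2022 02:14:09.412 client 10.0.5.23#51240: query: beacon.c2-example.invalid IN A + (10.0.0.2)
01-Mar-2022 02:15:01.003 client 10.0.5.40#40011: query: updates.example.org IN AAAA + (10.0.0.2)
01-Mar-2022 02:16:44.777 client 10.0.5.41#40988: query: payload-drop.test IN TXT + (10.0.0.2)
01-Mar-2022 02:17:10.555 client 10.0.5.23#51301: query: C2-EXAMPLE.INVALID. IN A + (10.0.0.2)
"""

# Constructed DHCP leases: (ip, mac, hostname, lease_start, lease_end).
# 10.0.5.23 has two leases so that the time window, not just the IP, decides.
SAMPLE_DHCP_LEASES = [
    ("10.0.5.23", "aa:bb:cc:00:00:09", "GUEST-PHONE",   "2022-02-28 12:00:00", "2022-02-28 20:00:00"),
    ("10.0.5.23", "aa:bb:cc:00:00:01", "FIN-LAPTOP-07", "2022-03-01 01:00:00", "2022-03-01 09:00:00"),
    ("10.0.5.41", "aa:bb:cc:00:00:04", "HR-DESKTOP-02", "2022-03-01 00:30:00", "2022-03-01 08:30:00"),
]

QUERY_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ client "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})#\d+: query: (?P<qname>\S+) IN (?P<qtype>\w+)"
)


@dataclass
class Alert:
    when: datetime
    client_ip: str
    qname: str
    matched: str          # blocklist entry that matched (qname or a parent domain)
    action: str           # what an RPZ-style policy would answer
    mac: str | None       # None when no lease covers the query time
    hostname: str | None


def matches_blocklist(qname: str, blocklist: set[str] = C2_BLOCKLIST) -> str | None:
    """Return the blocklist entry covering qname, checking parent domains too.

    Names are lower-cased and the trailing dot removed, so 'C2-EXAMPLE.INVALID.'
    and 'beacon.c2-example.invalid' both resolve to 'c2-example.invalid'.
    The bare TLD is never tested, so a sloppy entry cannot match everything.
    """
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def lease_for(ip: str, when: datetime, leases) -> tuple[str, str] | None:
    """Find the (mac, hostname) that held ip at the given time, if any."""
    for lease_ip, mac, hostname, start, end in leases:
        if lease_ip == ip and datetime.fromisoformat(start) <= when <= datetime.fromisoformat(end):
            return mac, hostname
    return None


def detect(log_text: str = SAMPLE_DNS_LOG, leases=SAMPLE_DHCP_LEASES,
           blocklist: set[str] = C2_BLOCKLIST) -> list[Alert]:
    """Scan query-log lines, flag blocklisted names and attribute them to devices."""
    alerts: list[Alert] = []
    for line in log_text.splitlines():
        m = QUERY_RE.match(line)
        if not m:
            continue  # not a query line, or a format this parser does not handle
        hit = matches_blocklist(m["qname"], blocklist)
        if hit is None:
            continue
        when = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S")
        device = lease_for(m["ip"], when, leases)
        alerts.append(Alert(
            when=when, client_ip=m["ip"], qname=m["qname"], matched=hit,
            action="NXDOMAIN",  # RPZ-style block: the client never learns the C&C address
            mac=device[0] if device else None,
            hostname=device[1] if device else None,
        ))
    return alerts


def hits_per_device(alerts: list[Alert]) -> dict[str, int]:
    """Count hits per MAC so one compromised host is one finding, not one per query."""
    counts: dict[str, int] = {}
    for a in alerts:
        key = a.mac or f"unattributed:{a.client_ip}"
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    found = detect()
    for a in found:
        print(f"{a.when:%H:%M:%S} {a.client_ip} -> {a.qname} matched {a.matched} "
              f"[{a.action}] device={a.hostname} ({a.mac})")
    print(hits_per_device(found))
```

Keying the summary on the MAC address rather than the IP is the DDI point of the passage: the same IP may belong to a different device an hour later, and only the lease that covers the query timestamp tells the responder which machine to isolate. A query from an IP with no covering lease is still reported, but as unattributed, so it is not silently dropped.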

With RaaS becoming so established, organisations battling against ransomware need to level up. As with most complex issues, there’s no silver bullet for cybersecurity. However, by focusing on detection and prevention and using core infrastructure like DDI, security teams can get the upper hand.

Responding to the rising ransomware threat

Guest Post

By Redscan, a Kroll Business

In October 2021, Sir Jeremy Fleming, the head of GCHQ, disclosed that the number of ransomware attacks in the UK had doubled in just one year. Recently described as “the most immediate danger to UK businesses” by Lindy Cameron, the CEO of the UK’s National Cyber Security Centre, ransomware continues to be a dominant factor in the threat landscape.

It has grown increasingly sophisticated, as have the cybercrime gangs behind it. Over the past two years, they have even evolved ransomware-as-a-service as a new business model to enable lower-skilled threat actors to disrupt businesses.

With many people continuing to work from home, attackers are actively taking advantage of known software vulnerabilities in technologies relating to remote working, including exploiting Remote Desktop Protocol (RDP) or Virtual Private Network (VPN) vulnerabilities.

Cybercriminals also continue to use phishing as a reliable method of initial access, alongside evolving their techniques to launch more sophisticated infections.

With more and more organisations falling victim to ransomware, it is imperative that companies are aware of the techniques used by attackers, as well as the opportunities for detecting it. While much of the advice around ransomware focuses on backing up files and systems, it’s important to remember that precursors to ransomware can be identified and attacks disrupted. Having the appropriate controls in place to detect and respond to attacks is essential.

The most vital step for security teams is to ensure that they have visibility of all their environments – not always easy to achieve in the era of remote working, multiple devices and cloud computing. They should also explore technologies, like SIEM and EDR solutions, that are needed to monitor for ransomware precursors and enable them to disrupt attacks.

As key vulnerable points of entry to networks, endpoints represent a significant security risk for organisations. Redscan’s Managed Endpoint Detection and Response (EDR) service significantly enhances visibility of attacks targeting endpoint devices, supplying an experienced team of threat hunters, the latest EDR technology and up-to-the-minute threat intelligence to identify threats that other controls can miss.


WEBINAR REWIND: Ransomware Has Evolved, And So Should Your Company

By Stuart O'Brien

Don’t worry if you missed last week’s excellent webinar from Veriato – you can now rewatch the entire session online!

Right now, a cybercriminal gang like Prometheus, Maze, Ryuk, or NetWalker could be looking for vulnerabilities in your network to launch a Ransomware attack.

Ransomware is typically initiated via phishing or social engineering tactics; these attacks often take advantage of human error for the successful delivery of the malware. These criminal organizations are indifferent to the size of your organization. They target any company with data, and if you don’t pay the ransom, your information could be posted to a public forum or sold on the Dark Web for profit. Unfortunately, most companies are forced to pay due to system failure and file corruption.

The scariest thing about these methods is that the ransomware doesn’t need to be developed by the attackers. Ransomware services can now be purchased on the Dark Web and used at the cybercriminal’s will (RaaS). As these ransomware attacks and services evolve, how can companies arm themselves with the right solutions to defend themselves from these ever-growing attacks?

Join Dr. Christine Izuakor (cybersecurity expert) and Jay Godse (head of product dev at Veriato) as they discuss:

  • Ransomware 101
  • The Colonial Pipeline Breach
  • Ransomware As A Service
  • Anti-virus is not enough
  • Ransomware detection and prevention

Click Here To Watch Again

WEBINAR: Ransomware Has Evolved, And So Should Your Company

Guest Post

By Veriato

2021 has been an interesting year for ransomware attacks so far. After plaguing countless victims with dreaded ransom notes and bringing the US Colonial Pipeline and other large corporations to their knees, the ransomware attack method has built a strong reputation for inflicting cyber terror on consumers and businesses alike.

As cyber criminals noticed increasing success from this method, the trends shifted towards more targeted enterprise attacks with potentially more lucrative payouts. Furthermore, criminals saw the growing demands for these attacks on the Dark Web as a business opportunity to make attack kits more easily accessible. This new realm of service would essentially remove the burden of coding and crafting attacks from the criminals, thus reducing the difficulty of launching these types of attacks. What once required tons of planning and preparation could now be purchased as a subscription or service.

What is Ransomware?

Also termed digital extortion, ransomware is a form of cyberattack in which criminals block access to prized digital possessions or resources and demand payment for their release. There are many variations of ransomware attacks, but the common goal is usually to extort companies or users for money. For example, an attacker may encrypt all of your data and ask for payment in exchange for the decryption key. Without the key, your operations could end up being crippled.

One of the biggest trends in technology over the last decade has been the growth of subscription-based service models and products. Examples include Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS), and more. Instead of building software or installing software directly in corporate environments, these companies provide customers with the ability to effectively rent access to the services they need without dealing with development, maintenance, and additional back-end work. Given the high demand for ransomware in this day and age, creative cyber-criminal entrepreneurs followed this tech industry trend and created Ransomware as a Service (RaaS) to spare cyber attackers the burden of developing their own attacks.

Using these services, cybercriminals can launch advanced ransomware attacks using RaaS providers from the Dark Web.

Sign up for our latest webinar to learn more: Ransomware Has Evolved, And So Should Your Company.

WEBINAR REWIND: Ransomware Attack Simulation

By Stuart O'Brien

In a special attack simulation, this Cybereason webinar looked at how multi-stage attack campaigns operate today – and you can now watch the entire session again online.

Presented by Cybereason Product Director Eric Sun, the webinar enables the audience to witness an attacker’s infiltration and watch the malicious operation as it moves across the entire environment.

You’ll see the many opportunities an attacker has to advance the operation, and the ways that your organisation as a defender can break the kill chain and end the attack before crown jewels are compromised.

Today’s attackers are able to translate a successful phish into persistent, stealthy network compromise – Sun takes an in-depth look at how this happens, and what can be done to stop it.

In today’s reality, where prevention measures aren’t always enough and penetration can seem inevitable, defenders need to outthink, outpace, and quickly end even the most sophisticated attack.

Ultimately, you’ll come away with new knowledge on today’s attack campaigns and insights on how defenders can gain the upper hand. The session shares the attacker’s mindset and how it impacts our strategies as defenders.

Click here to watch now

How AI stopped a WastedLocker intrusion before ransomware deployed

By Stuart O'Brien

By Max Heinemeyer, Director of Threat Hunting, Darktrace

Since first being discovered in May 2020, WastedLocker has made quite a name for itself, quickly becoming an issue for businesses and cyber security firms around the world. WastedLocker is known for its sophisticated methods of obfuscation and steep ransom demands.

Its use of ‘living off the land’ techniques makes a WastedLocker attack extremely difficult for legacy security tools to detect. As ransomware dwell time shrinks to hours rather than days, security teams are increasingly relying on artificial intelligence to stop threats from escalating at the earliest signs of compromise – containing attacks even when they strike at night or on the weekend.

This article examines a WastedLocker intrusion that targeted a US agricultural organization in December.

The initial infection appears to have taken place when an employee was deceived into downloading a fake browser update. Attempted reconnaissance began just 11 minutes after the initial intrusion, and the attacker used an existing administrative credential to establish successful administrative and remote connections to other internal devices. Several hours later – in the early hours of the morning – the attacker used a temporary admin account to attempt a file transfer.

Darktrace AI detected every stage of this intrusion, picking up on all unusual activity for the organization and unusual user behavior, including HTTP connections to anomalous external destinations and highly unusual connections between internal devices.

With Darktrace’s real-time detections – and Cyber AI Analyst investigating and reporting on the incident within minutes – the security team was able to contain the attack, taking the infected devices offline.

Without Darktrace in place, the ransomware would have been successful in encrypting files, preventing business operations at a critical time and possibly inflicting huge financial and reputational losses to the organization.

Darktrace’s AI detects and stops ransomware in its tracks without relying on threat intelligence. Ransomware has thrived this year, with attackers constantly coming up with new attack TTPs. However, the above threat find demonstrates that even targeted, sophisticated strains of ransomware can be stopped with AI technology.

For more information on Darktrace, click here.
