Virtualization Technology News and Information
VMblog Expert Interview: Hindsight is 20/20 - What Ransomware Victims Could Have Done Differently


When thinking about ransomware, we often wonder what victims could have done differently to avoid cyberattacks and ransom demands in the first place. How can they stand up against these growing threats, especially now that the National Security Agency has discovered a fresh batch of critical Microsoft Exchange vulnerabilities that will likely be exploited? And what's coming down the road? To learn more, VMblog spoke to industry expert Chandrashekhar Basavanna, CEO and Founder of SecPod Technologies.

VMblog:  What attack tactics have you seen cybercriminals leverage lately?

Chandrashekhar Basavanna:  While there's been no shortage of ransomware attacks making headlines lately, the attacks that have stood out are the ones that capitalize on Microsoft Exchange vulnerabilities, which we saw in the attack on Acer, and those that leverage ransomware-as-a-service (RaaS), which REvil is notorious for. Despite security experts advocating the importance of deploying patch updates regularly, it's clear that many organizations are neglecting to do this, losing sight of simple security best practices that can prevent these kinds of attacks from happening in the first place.

VMblog:  Why do you think organizations lose sight of simple security best practices?

Basavanna:  Despite the Microsoft Exchange vulnerabilities being announced well over a month before the attack on Acer, cybercriminals were still able to exploit the company's failure to patch them properly. And Acer isn't the only company to neglect simple security best practices - there are still many companies that haven't applied the available fixes for these vulnerabilities. This begs the question: are IT security teams losing sight of the obvious while they're distracted by the emergence of new threats? While staying ahead of cybercriminals and nefarious new attempts at data breaches is vital for an organization to keep its data safe, organizations must also ensure simple best practices aren't forgotten.

However, implementing these best practices isn't always easy due to manual effort, a lack of tools that support automation, and multiple point products operating in silos. It is important to make cyber security best practice implementation continuous and automated.

VMblog:  What tangible steps can businesses take to prevent cyberattacks and ransom demands from happening in the first place?

Basavanna:  Prevention should be the ultimate goal, so it's really important for businesses to implement solid cyber hygiene measures. This involves gaining complete visibility over all IT assets and endpoints. 

Additionally, it's not enough to run periodic vulnerability scans, since new vulnerabilities are being identified at such a rapid pace. Instead, teams must perform continuous, real-time vulnerability scanning to gain complete visibility over an organization's risk exposure. And, to make things easier for IT teams, I recommend finding a solution that mitigates high and critical vulnerabilities by automating the scanning and remediation processes. Not only does this paint an accurate picture of the attack surface at all times and help IT teams understand the risk potential of each vulnerability, but it also reduces IT team fatigue and improves productivity. As I said, an increasing number of cyberattacks are due to unapplied patches and an un-hardened security posture, and these fixes must be deployed immediately.

Implementing good cyber hygiene isn't a one-and-done exercise, either; IT security teams must continuously monitor for vulnerabilities and potential threats and research different attack patterns so they can fully understand their level of risk. Adhering to industry compliance standards, implementing continuous monitoring capabilities to detect indicators of attack and compromise, and having an incident response plan in place will further strengthen an organization's ability to prevent cyberattacks.

VMblog:  If a company does find themselves in a situation where a ransom has been demanded, how should the company deal with it?

Basavanna:  While never paying a ransom demand is certainly best practice, sometimes businesses don't take the necessary precautions that would give them a way out. In those cases, companies should first inform all their stakeholders and then do a thorough analysis and tracing of the incident to determine what data was lost and whether it was confidential, whether any backups are available, and whether they can recover from the disaster quickly. That said, ideally teams would implement the cyber hygiene measures described above to prevent this from happening in the first place.

VMblog:  We've seen cybercriminals demand larger ransom payments.  Since this will likely continue, why is it more important now than ever for businesses to prepare?

Basavanna:  The attack on Acer was the highest ransom demand ever made. Given that every major attack sets a precedent for others to emulate, we'll likely see other threat actors one-up each other beyond what is currently making headlines. For instance, the REvil ransomware group just hit two major software companies at once - Apple and Quanta - leaving them with a $50M ransom demand that they were threatening to double. Not only does this prove that ransomware gangs are ruthless, but it highlights how gangs like REvil have perfected their approach to extorting companies for large amounts of money with ease. What's more, it's not just money that organizations risk losing by not preparing for these kinds of attacks - customer loyalty and trust are also in danger. That's why I implore all IT professionals and teams to prepare their business for these kinds of attacks, because they won't be slowing down anytime soon - if anything, they're increasing at an unprecedented rate.

VMblog:  How can SecPod SanerNow help?

Basavanna:  Our one-stop cyber hygiene automation platform, SanerNow, helps organizations implement cyber hygiene by orchestrating and automating security posture analysis and mitigation. Through cyber hygiene automation, continuous compliance, visibility and control, and incident detection and response, SanerNow ensures IT teams stay ahead of cybercriminals. Long story short, because SanerNow unifies multiple cyber security perspectives, all from a single console, it's perfect for IT professionals looking to prioritize and remediate threats proactively. 

VMblog:  How do you see cyberattacks changing in the next year or so?  Or what new trends do you predict will surface?

Basavanna:  Because cybercriminals are constantly trying to take their attacks to the next level, attack tactics will become even more ruthless and aggressive than what we've seen in the past couple of months. It's reported that attacks have been increasing by 9% every month since the start of last year, and it's likely that number will keep rising. Additionally, once one ransomware attack proves successful, copycats will follow. The Maze ransomware attacks are the perfect example of this - while they were the first gang to implement the double-extortion tactic back in 2019, now other groups do the same - and do so very successfully. We've also seen this in groups that conduct RaaS and exploit Microsoft Exchange vulnerabilities.

Even though our world is inching closer to a more 'traditional normal', working from home offices won't be going away completely, meaning BYOD will be the standard moving forward. We'll see increased attacks on remote infrastructure.

Attacks on critical infrastructure will rise: not only have they become easier targets because of the legacy systems they run, but the level of attention these attacks bring and the damage they can cause are also huge.

With increased cloud adoption, attacks targeting cloud infrastructure causing service disruption and data breaches will increase.


Published Friday, June 04, 2021 7:29 AM by David Marshall