As July 2024 marks Ransomware Awareness Month, the cybersecurity community is once again shining a spotlight on one of the most prevalent and costly threats facing organizations today. This annual observance serves as a crucial reminder of the ever-evolving landscape of digital threats and the critical importance of proactive defense strategies. Ransomware, a form of malicious software that encrypts data and demands payment for its release, continues to pose a significant risk to businesses of all sizes across various industries.
In recognition of this important month, we've gathered insights from leading industry experts to provide our readers with a comprehensive overview of the current state of ransomware threats and defense mechanisms. With the help of these industry experts, we hope to equip our readers with the knowledge and tools necessary to strengthen their cybersecurity posture in an increasingly complex digital landscape.
Anthony Cusimano, technical director at data storage startup Object First
Be skeptical. AI is bringing about a revolution in the way we do business, but it’s also powering up every cybercriminal in the game. They will no longer hope you click the phishy link in the email; they will be posing as people at the other end of the Zoom call with faces and voices you know and trust. They are going to use blackmail and extortion with faked information to convince you that you are compromised when you are not. They will become indistinguishable from the real thing and use next-gen social engineering to access systems and services you didn’t know existed, and it’s all thanks to AI deep fakes. Ransomware is just the tip of the iceberg moving forward, and we are in for a rough ride with AI in the picture.
++
Andy Fernandez, Senior Director, Product Marketing, HYCU
It has become an all too familiar refrain: it’s not a matter of "if" an attack will occur, but "when". We’ve seen the industry focus on detecting, preventing, and even recovering from attacks. The challenge and glaring gap here is that these strategies have been focused on the data center infrastructure and do not focus on as-a-service applications running outside of the data center. In fact, SaaS applications are the #1 target for ransomware attacks now. Cybersecurity directives like the Digital Operational Resilience Act (DORA) and Network and Information Security Directive (NIS 2) coming out of the European Union (EU) are explicitly focusing on the third-party risk management problem and explicitly requiring backup and recovery strategies across all applications. If you factor in the shrinking time window of when an attack will occur, now as low as every six seconds, with the number of SaaS applications in use across most enterprises, 200+, and the fact that the vast majority of these applications in use have no enterprise class backup and recovery solutions available to support them, you have a perfect storm of data vulnerability. As there are fewer than ten SaaS applications that have enterprise class backup and restore capabilities, in honor of ransomware awareness month, organizations must prioritize comprehensive data protection to be better prepared to deal with the perfect storm. This includes strategies to recover from any incident while eliminating the number of applications left unprotected, and adhering to existing and emerging regulatory mandates.
At HYCU, we empower businesses to stay one step ahead of ransomware gangs and cybercriminals. Our solutions ensure that when an attack hits, you’re not just protected, you’re able to recover quickly and efficiently without having to pay a ransom. Keeping your operations running and your customers served without missing a beat is paramount. As we reflect on how to be best prepared in the event of a ransomware attack, don’t let ransomware dictate your business continuity and disaster recovery. Make sure you have an incident response plan in place that is separate and distinct from your DR efforts. Also, make sure that you have the right data protection technologies to support that plan.
++
Patrick Tiquet, VP of Security and Compliance, Keeper Security
Ransomware remains a favored tool of cybercriminals due to its high profitability and widespread impact on both employees and businesses. Investing in advanced cybersecurity solutions and staying informed about the current threat landscape are essential for defending against this pervasive threat.
A comprehensive ransomware prevention strategy should include adopting a zero-trust password management system and implementing least-privileged access. A privileged access management solution will ensure that only authorized users can access sensitive information. Password managers are also crucial for generating and securely storing unique and complex passwords, reducing the risk of credential theft and protecting against phishing. They also support encrypted storage and Multi-Factor Authentication (MFA), adding critical layers of security.
Organizations should focus on proactive endpoint security through continuous monitoring. By addressing the underlying tactics and techniques used by attackers rather than specific ransomware variants, organizations can adapt to evolving threats more effectively. Real-time detection and response are essential for promptly containing and mitigating the impact of ransomware incidents.
++
Marcel Calef, Americas Field CTO, ControlUp
Balancing security and employee productivity is a dance of give and take. While security experts aim to lock down every potential vulnerability, they must also consider employees' frustration when security gets in the way of daily tasks. During Ransomware Awareness Month, don’t forget the importance of employee experiences in your security strategy. A cost-effective and secure environment must also be a productive one. While careless user behavior can create security gaps, security experts should not create barriers in the digital employee experience (DEX) that cause user frustration. Instead of restricting your team, educate and delegate to make security everyone’s business. By redesigning security strategies around your business’ unique human and workflow behaviors, you can elevate both your security posture and business performance.
++
Morgan Wright, Chief Security Advisor, SentinelOne
Ransomware is the cockroach of malicious software. It has been stomped on, squished, sprayed, attacked, and subjected to every known form of analysis and evaluation. Yet, like the cockroach, it has survived our best attempts to eradicate it from existence. The continuous evolution of sophisticated cat-and-mouse games in cyberspace reflects an actual threat, not only a perceived one. While the goals of ransomware remain the same—money—the tactics and tools used have mutated significantly. The use of AI has created a powerful tool to blunt these persistent campaigns, but not everyone is equipped adequately to deal with these attacks.
For example, FIN7 has evolved since its emergence in 2012. From just another cybercriminal group to a global threat, FIN7 has used sophisticated techniques, such as creating its own cybersecurity firms, to deceive security researchers and enable novel attacks (like EDR evasion). The industry has also seen collaboration between multiple transnational cybercrime groups that have scaled the reach and impact of ransomware attacks. At its core, the goal has always been money. Last year was the worst on record, with over $1 billion in payments, coupled with an average of $5 million in the cost of an attack. Until the financial incentive is removed, ransomware will be as hard to kill as a cockroach that has survived a nuclear blast.
++
Jeffrey Wheatman, SVP, Cyber Risk Strategist at Black Kite
Ransomware has become a major threat to organizations of nearly every size and vertical. What started as single actors and small groups seeking street cred and maybe financial gain has transformed into highly sophisticated and organized cybercrime syndicates that operate like businesses. Many work as large billion-dollar organizations with sales, customer success, partners and affiliates. As businesses and individuals increasingly depend on interconnected systems and digital infrastructure, the stakes of these attacks have reached unprecedented heights.
According to Black Kite research, last year alone attacks nearly doubled as groups became more persistent and their attacks became more sophisticated, with a majority of targets in the US. Manufacturing, professional services and healthcare are noted as the top three targeted industries for ransomware attacks; however, every industry can be a target for an attack. To add, it’s not just about a particular organization but also vendors within their supply chain ecosystem that are a concern for ransomware attacks. Both scenarios can cause significant business disruption and financial loss, so understanding the dynamics of ransomware attacks is crucial for organizations to bolster defenses and safeguard against potential extortion and supply chain disruptions.
++
Caitlin Condon, Director of Vulnerability Intelligence at Rapid7
There is a mature, well-organized cybercrime ecosystem at work, with increasingly sophisticated mechanisms to gain access, establish persistence, and evade detection. The data is telling us that we are experiencing the intensification of a multi-year trend; now more than ever, implementing zero-day patching procedures for critical technologies is key.
- Zero days are rapidly accelerating: Mass compromise events stemming from the exploitation of network edge devices have almost doubled since the start of 2023.
- Hackers aren't relying on the spray-and-pray method anymore: The past 15 months reveal 23% of widespread threat CVEs arise from well-planned zero-day attacks in which a single adversary is able to compromise hundreds of organizations in one fell swoop.
- Honeypot data does not (or cannot) distinguish scanning or unsuccessful exploit attempts from successful compromise of a target system: Over the past 18 to 24 months, Rapid7 saw an increasing number of claims signaling "mass exploitation" of new vulnerabilities, but while scanning activity can be an indicator of attacker interest, it is rarely indicative of attacker skill.
++
James Blake, VP Global Cyber Resiliency Strategy, Cohesity
New threats demand a new approach. Historically, data exfiltration and data theft incidents were the primary concerns and could be mitigated with cyber security. Today, destructive cyber attacks – such as ransomware or wiper attacks – have massive economic implications and can lead organizations to losses related to inability to make revenue or provide essential services, impacting both consumers and supply chain partners. These types of destructive cyber attacks can only be mitigated with cyber resilience. In the past, time-to-respond wasn’t as critical, and recovery was only needed in a subset of incidents. Today, in the span of a year, 78% of organizations are targets of ransomware attacks two or more times. Effective and efficient response and recovery are the most critical aspects of building cyber resilience, and need to be a “business-as-usual” activity.
++
Alex Spivakovsky, VP of Research, Pentera
We need to stop accepting the idea of ransomware as a forgone conclusion. Yes, it’s a challenge to keep up with constantly evolving ransomware strains, but it’s not impossible. The key is to shift from a reactive mindset predicated on detection and response to proactively testing defenses to ensure readiness.
Currently, the average organization does very infrequent testing against real ransomware campaigns. According to our yearly State of Pentesting report, 60% of enterprises pentest at most twice a year. Infrequent assessments leave long periods of time where security remains untested against real threats, leading to longer dwell times of issues within the environment, and more opportunities for threat actors to exploit them.
Proactive testing against the known TTPs popular in ransomware campaigns allows security professionals to understand where their existing defenses are effective, and where the threat actors can circumvent security. Active testing enables security teams to identify and focus on proven points of risk that adversaries can exploit. Without stress-testing your environment, security teams are left to assume that their security controls will work as expected, but they cannot validate it.
++
Geoffrey Mattson, CEO, Xage
Ransomware has evolved into a pervasive and costly threat, with organizations facing crippling financial losses, operational disruptions that drag on for months, and reputational damage. The traditional approach of detecting and responding to ransomware attacks has proven insufficient, as often by the time an attack is identified, it has progressed too far to contain. This underscores the critical need for a proactive, multi-layered, and prevention-focused cybersecurity strategy.
To effectively combat ransomware, organizations must safeguard against every stage of an attack, with special focus on stopping early stage tactics, techniques, and procedures. By implementing robust measures and compensating controls to prevent initial access, target discovery, and lateral movement, businesses can significantly reduce their risk of falling victim to these devastating attacks. Strategies such as multi-layer multi-factor authentication, identity-based internal segmentation, automated credential rotation, and zero-trust access control overall are essential in bolstering defenses and creating a more resilient security posture. Executed properly, this layered, resiliency-focused approach enables enterprises to minimize the blast radius of an attack, contain the damage, and recover without significant operational impact.
Investing in prevention both mitigates the immediate costs associated with ransomware attacks and protects against long-term consequences, such as data loss, reputational harm, and increased insurance premiums. Faced with the growing urgency of cyber risks, organizations must prioritize prevention to safeguard their critical assets and ensure business continuity.
++
Jon Miller, CEO & Co-founder of Halcyon
Over the past few years, almost every business has been made aware of the ransomware threat. Whether they were a target themselves, or a customer, or even a third-party connection, ransomware has impacted nearly every business in some way at this point. However, businesses still struggle to mitigate ransomware risks. One main reason is that many have yet to connect the dots that ransomware has become a data exfiltration problem, with just a little ransomware sprinkled in. In fact, our recent study found of those hit by ransomware in the past 24 months, 60% reported sensitive or regulated data had been exfiltrated from their organization. Once businesses shift their focus on protecting their data, they can better protect from today's ransomware threat.
++
Jim Broome, president and CTO, DirectDefense
Modern organizations must reckon with rising ransomware threats by understanding the interplay of external access vulnerabilities, such as insufficient network segmentation and the integration of third-party systems. These weaknesses offer pathways for malicious actors to exploit critical infrastructure. Establishing a robust incident response plan is crucial, which involves maintaining a comprehensive inventory of third-party vendors, ensuring clear communication strategies, and defining protocols for managing these relationships, especially when breaches occur.
Cyber risk insurance and compliance play a critical role in mitigating the financial and operational impacts of cyberattacks. Organizations should meticulously understand the terms and limits of their insurance policies to ensure comprehensive coverage, particularly against the backdrop of cybercriminals targeting insurance details to limit negotiation leverage during attacks. Safeguarding these sensitive documents and monitoring for unauthorized access is essential. Additionally, planning for legal challenges is imperative; having agreements with both internal and external legal teams ready ensures swift and appropriate responses to incidents, protecting sensitive information while managing external communications and other third-party interactions.
Proactive incident management extends beyond planning; it requires regular testing and updating of response strategies to align with evolving threats and organizational changes. The hard fact is that dwell time from when a threat actor breaks in to the time they detonate ransomware has continued to reduce over time. We’ve gone from measuring dwell time in days to hours, so response strategies should reflect this. Tabletop exercises, guided by industry standards like NIST SP 800-61, simulate real-world security scenarios to prepare teams for actual attacks, highlighting vulnerabilities in response plans. These exercises, combined with annual reviews and updates of incident response plans, ensure that organizations can not only respond effectively to incidents but also maintain continuity and resilience in the face of cyber threats.
++
Marc Solomon, CMO, ThreatQuotient
As seen with June’s attacks on both the US automotive software supplier CDK Global and UK’s National Health Service (NHS), high profile ransomware attacks are on the rise across a diverse range of sectors. As such, we must continue to be aware of the threat of ransomware, and ensure we are armed with the intelligence to understand where attacks will come from. This Ransomware Awareness Month, ThreatQuotient is advising organizations to take a proactive approach to threat intelligence gathering and sharing.
Below are a couple of notable ransomware trends that we are seeing:
Supply chain attacks are growing in frequency. Both the CDK Global and NHS hack were supply chain attacks, underlining the disruption such incidents cause. Bad actors know that by attacking an organization with a large customer base, they maximize the potential for damage and are more likely to see ransoms paid as a result.
Another trend is democratization. Developments such as Ransomware-as-a-Service (RaaS) and Ransomware-for-Hire Services enable anyone to launch an attack without needing any technical skills. Consequently, ransomware attacks will likely increase in volume and severity as more bad actors can launch them.
Reducing ransomware attack risk requires strengthening resilience, and threat intelligence monitoring, collection and analysis should be a core security team activity. However, once threat data has been collected, sharing it with partners, suppliers and industry peers is an even more powerful way to give industries a keener edge in the fight against ransomware. So, this Ransomware Awareness Month, we encourage everyone to think of a new way they can share threat intelligence outside their organization, whether through joining an industry community or building out their own supply chain sharing program.
++
Dr. Sean Costigan, Managing Director of Resilience Strategy at Red Sift
Organized cybercrime groups often now work together in sophisticated operations, utilizing more powerful encryption methods and improved psychological tactics to debilitate businesses and institutions, turning it into a widespread and lucrative multi-billion-dollar racket. For example, the Qilin ransomware group, known for its recent $50 million ransom demand, has targeted the healthcare sector, notably impacting Synnovis, a pathology services provider. This attack severely affected several major NHS hospitals in London earlier this month. Identified first in July 2022, Qilin has become infamous for its Ransomware-as-a-Service (RaaS) offerings, which it began advertising on underground forums starting in February 2023.
Organized cybercrime's focus on critical infrastructure -- in particular, health care institutions -- has been remarkable in its efficiency. In the US, last year's FBI IC3 report revealed that in 2023 nearly 1,200 organizations were affected by ransomware and an astonishing 250 were submitted by medical groups - the most of 16 critical infrastructure sectors. Email remains by far the most common vector for cybercrime groups to gain entry. Critical infrastructure entities can bolster their email defenses to ensure that staff are not the only line of defense against adversaries. In particular, a renewed focus on properly configured DMARC offers a solution that helps reduce fraudulent emails before they even reach an employee's inbox. DMARC also aids in preventing adversaries from sending emails that appear to come from your organization's staff to others within or outside your organization.
++
Shawn Waldman, CEO and Founder of Secure Cyber
I think one of the most important things that I’ve learned about ransomware readiness is the importance of having a robust endpoint detection and response (EDR) software installed. And I don’t mean just picking anything with the word EDR in it; I mean actually doing the research to know:
- Which EDRs are real ones,
- Installing and configuring it correctly (and I mean not immediately white-listing PowerShell—yeah, you know who you are), and
- Governance of the EDR. If you don’t properly maintain it, keep it tuned and configured correctly, and deploy it on ALL endpoints, then you might as well not have it at all.
I know it’s talked about a TON, but seriously, not having a plan on how to respond is a very bad thing. Take the time to just sit around at lunch and talk about it with your staff. Talk about recovery and how you’re going to do it IN MASS. I’m sure after the CrowdStrike incident, a lot is being discussed regarding mass imaging, BitLocker key management, and out-of-band access—all things you would likely need post-ransomware, especially if you have to rebuild a ton of devices.
Something else that I’m sure is coming up post-CrowdStrike but also relates to post-ransomware situations is offline access to data. We have noticed many times that disaster plans, passwords, and key data needed to recover aren’t available due to the fact that they were encrypted as part of the attack.
++
Bruno Kurtic, co-founder, President, & CEO of Bedrock Security
When it comes to defending against ransomware, there are several best practices that can significantly enhance your organization's security posture.
Comprehensive Data Discovery: One of the foundational steps in ransomware defense is ensuring you have complete visibility into where all your data resides. By employing a robust data discovery process, organizations can identify and catalog all data assets across their environments. This step is crucial for understanding potential targets and ensuring that all sensitive and critical data is accounted for and properly protected.
Precise Data Classification: Accurately classifying data is essential for prioritizing protection efforts. Implementing advanced AI-driven classification techniques can help distinguish between critical and non-critical information. This allows security teams to focus their resources on the most valuable assets, ensuring that sensitive data receives the highest level of protection against ransomware attacks.
Proactive Data Protection: Leveraging near real-time posture assessment and automated protection strategies can significantly enhance data security. Utilizing AI and machine learning to continually assess and improve security posture ensures that your defenses evolve alongside emerging ransomware threats. This proactive approach helps in identifying vulnerabilities and mitigating risks before they can be exploited.
By integrating these best practices—comprehensive data discovery, precise data classification, and proactive data protection—organizations can build a robust defense against ransomware. These strategies not only help in protecting critical data assets but also in maintaining the overall integrity and security of your organization’s information.
++
Arvind Nithrakashyap, Co-founder and CTO, Rubrik
In 2024, ransomware no longer has an awareness problem; countless incidents across industries like healthcare, financial services, transportation, and more have made ransomware a focal point on many occasions.
What requires increased awareness is the resilience problem organizations and security leaders now face in protecting their critical operations.
According to recent Rubrik Zero Labs data, 60% of IT and security leaders reported they are extremely or very concerned about their organization’s ability to maintain business continuity during a cyberattack. As ransomware continues to wreak havoc on organizations of all kinds, they must prepare for the inevitable so their systems can remain running even while under attack and reduce their time to recovery from days or weeks to hours — or even minutes.
It is paramount that organizations can identify and investigate threats against business-critical data early to better their chances of complete recovery. If all organizations take the road of cyber resilience, we’d be one step closer to securing the world’s data.
++
Victor Monga, Global Cybersecurity Technologist at Menlo Security
Ransomware attacks have become increasingly sophisticated, employing evasive tactics to bypass traditional security measures. From the perspective of a Zero Trust advocate, it's crucial to adopt a multi-layered security approach that assumes breach and verifies every access request. Implementing strategies like robust identity and access management, network segmentation to reduce attack surfaces, and treating browsers as enterprise assets can significantly reduce the risk of falling victim to ransomware.
- Identity and Access Management (IAM): Implementing IAM with multi-factor authentication (MFA) can block most account compromise attacks. This layered approach aligns with Zero Trust principles by requiring multiple forms of verification.
- Network Segmentation: Organizations with network segmentation experienced fewer security incidents. This strategy effectively limits the spread of ransomware by isolating different parts of the network.
- Treating Browsers as Enterprise Assets: Browsers are often the entry point for ransomware. By treating them as critical enterprise assets and using secure browser solutions, organizations can prevent phishing and malware attacks, thereby protecting sensitive data and reducing the overall attack surface.
- Incident Response Plan: FireEye Mandiant’s 2022 report showed that organizations with an incident response plan reduced significant ransomware recovery time.
++
Richard Caralli, Senior Cybersecurity Advisor at Axio
Organizations continue to suffer significant and costly damage from ransomware attacks at an alarming rate. Ransomware attacks put our critical infrastructure at high risk for operational disruption and permanent destruction, expose our most sensitive national security secrets and intellectual property to theft and espionage, and increase the risk of identity theft and personal loss to our citizens. Operating in a digital world has brought organizations extraordinary opportunities for growth, efficiency, and innovation—but this comes with the responsibility to protect and defend against ransomware attacks that can expose shareholders, customers, and employees.
To improve their resistance to ransomware and other threats, organizations must establish several key cybersecurity practices where performance is incomplete or immature—and may be over-exposing organizations to otherwise controllable gaps in their ransomware defenses. Threat actors know that these gaps exist and that they are easily exploited and rewarding. Waiting to confront these deficiencies until a ransomware attack occurs not only results in financial, reputational, and operational losses but sends a signal to potential threat actors that the organization is in catch-up mode.
Ransomware attackers compromise weaknesses in privileged account management, timely vulnerability management, insufficient cybersecurity training and awareness, and a failure to extend cybersecurity controls and practices to third-party partners and contractors—including recognizing the salient threat of supply chain–based attacks when using third-party software. Significant lapses in cybersecurity hygiene—poor password practices, insufficient authentication controls, and deficient cybersecurity architectures that fail to prevent the propagation of malware—continue to be prevalent factors in the design and execution of ransomware attacks. Hackers are astutely aware of these deficiencies and architect their attack methods to take advantage of them, reducing both their up-front investment and potential payoff. Ironically, organizations will continue to suffer ransomware attacks until they realize that small investments in improving foundational cybersecurity practices will similarly result in significant rewards.
++
Prakash Darji, GM, Digital Experience, Pure Storage
The AI explosion is revolutionizing the way we do business, and it’s also giving way to an increase in frequency and impact of attacks, especially ransomware. Organizations are at a greater risk now more than ever, but existing IT infrastructures are not flexible enough to counter the current threat landscape.
Businesses must reconsider their current storage platform and evaluate whether it's resilient enough to mitigate future risk and uncertainty. They need to work with their providers to customize a comprehensive data protection and cybersecurity strategy that includes a disaster recovery plan, maintained on a quarterly basis to ensure resiliency and ability to meet evolving data and storage management needs.
++
Yogesh Badwe, CSO at Druva
Ransomware is constantly evolving and companies must be aware of how threat actors operate. Ransomware operations have become increasingly complex and industrialized, which sometimes means group collaboration where one group is gathering sensitive data and the other is responsible for negotiations.
Where cybercriminal collaboration destabilizes is when, for example, Group A agrees to an organization’s ransomware payment and promises the data back -- but Group B leaks that information. There is no guarantee that if an organization pays, they will get their data back.
Regardless of how threat actors operate, companies must be diligent in securing their data and have the necessary safeguards in place. Ensuring your organization is addressing security in backups and leveraging the right data security strategies will help your business prevent threats or reduce the impact in the event of a worst case scenario.
++
Recent ransomware attacks like the attack on software maker CDK Global are having a greater economic impact as industries become increasingly digital and rely on single software vendors. This Ransomware Awareness Month, it’s critical to shine a light on DevSecOps to make software secure and prevent successful attacks. While in the DevSecOps model security teams and engineering teams are in lockstep, security leaders and pros have to make security easier for engineers. Implement comprehensive policy management, establish robust identity and access management controls, ensure that all endpoints are secure, and implement a single source of truth so these teams sing off the same song sheet. In addition to these defenses, be proactive by reducing the value proposition for attackers. Have a response plan and data backups in place to make systems less lucrative targets. Creating a security-first culture starts with the security team – make security top of mind, but also make it easy for the greater companywide team.
++
Ransomware tactics continue to evolve. Attackers are relying more and more on double extortion, stealing your data as well as encrypting it, to secure a higher ransom. A recent report from OpenText Cybersecurity also found that malware infections are on the rise once again and living off the land phishing scams have increased by 48.7% year over year. This Ransomware Awareness Month, it is essential organizations are reminded to take the mindset that it’s not a matter of if a ransomware attack will take place, but a matter of when. Therefore, enterprises of all sizes need the right defenses and a battle plan in place.
A vital part of an organization’s defense is employee education, which should be the bedrock of any security strategy. There’s no use in investing in sophisticated cybersecurity software and services if employees are clicking on dodgy links which can give cybercriminals access to a network. To prepare for when an attack is successful, always have a rehearsed plan in place. Create a rapid-response email alias that is only used for emergencies such as a ransomware attack and designate an order of command. The more prepared a business is, the higher the likelihood of avoiding a costly payment and swiftly rebounding from an increasingly prevalent type of attack.
++
Threat actors are increasingly using AI to adapt programming languages and create targeted malware, allowing them to scale operations and reduce costs. AI also enhances phishing attacks by improving grammar and context, making emails more convincing and harder to detect. For example, Dark Loader ransomware used AI to impersonate company executives in Teams messages. AI is also used for voice simulation in scams, mimicking voices to deceive targets into transferring funds. To combat these threats, organizations must be educated on evolving cyber tactics and equipped with AI-driven solutions. AI aids in data summarization, incident handling, and provides actionable insights, enhancing threat detection and response.
++
The fight between defenders and adversaries is an around-the-clock battle. Make no mistake that the ransomware scourge of the past five years has gotten the attention of the NCSC, Interpol, the FBI and other global law enforcement agencies. They fight on a daily basis to disrupt the unlawful actions of LockBit, BlackBasta, CLOP, ALPHV, and numerous other gangs.
Cybercrime is a well-organized operation and as such we need to have a well-organized defense to tackle it. Organizations should operate in the assumed-breach mindset as the cybercriminal activity doesn’t stop, nor does it slow down. You can never let your guard down against threat actors, and building operational resiliency, including a backup and recovery plan, is vital to protecting critical assets of your employees, customers and partners.
Organizations should fight back and first assess what their critical systems are, including infrastructure such as Active Directory (AD), because nine out of 10 cyberattacks target it. And by operating in the assumed-breach mindset, if you find one compromised environment or one malicious malware (such as password interception), assume that there are others that you have not discovered.
Companies should also monitor for unauthorized changes occurring in their AD infrastructure and have real-time visibility into changes to elevated network accounts and groups, as well as fast means of performing a clean recovery so they can get back on their feet as soon as possible.
Also, it is critical for organizations to back up their systems and then perform a clean recovery of their environment, where forensics and deep inspections take place to clean the environment. Then organizations can transition their systems and users to work in that environment. And make sure to save the compromised environment to perform a full forensics investigation.
Overall, it doesn’t pay to pay ransoms, ever, and you should have a plan that allows you to have a choice. Organizations can fight back and make it so the criminal activity of ransom doesn’t carry the reward that the criminals are after.
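One way to put the AD-change monitoring described above into practice, as an added example that is not from the article or any of its contributors: the script parses Windows Security "member added to group" events (IDs 4728, 4732 and 4756 are the real event IDs) and flags additions to privileged groups that no approved change covers. The flat key=value export format, the sample records, the privileged-group list and the change-control allowlist are all constructed assumptions.

```python
"""Flag additions to privileged AD groups in Windows Security events.
Added example, not from the article. Event IDs 4728/4732/4756 are the real
"member added to group" events; the sample records and allowlist are constructed.
"""
import re

# Built-in high-value groups; extend with your forest's other tier-0 groups.
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins",
                     "Administrators", "Account Operators"}
# 4728 = global group, 4732 = local group, 4756 = universal group (member added).
MEMBER_ADDED_EVENTS = {"4728", "4732", "4756"}

# Constructed sample export in a flat key=value style (real exports vary by tool).
SAMPLE_EVENTS = """\
EventID=4728 Subject=CORP\\helpdesk01 Member=CORP\\jsmith Group=Domain Users
EventID=4728 Subject=CORP\\helpdesk01 Member=CORP\\svc-backup Group=Domain Admins
EventID=4756 Subject=CORP\\adadmin Member=CORP\\newadmin Group=Enterprise Admins
EventID=4732 Subject=CORP\\adadmin Member=CORP\\tmp-acct Group=Administrators
EventID=4729 Subject=CORP\\adadmin Member=CORP\\jsmith Group=Domain Admins
"""
# Constructed: (member, group) pairs approved through change control.
APPROVED_CHANGES = {("CORP\\newadmin", "Enterprise Admins")}

_LINE = re.compile(r"EventID=(?P<id>\d+) Subject=(?P<subject>\S+) "
                   r"Member=(?P<member>\S+) Group=(?P<group>.+)$")

def parse_events(text):
    """Parse the flat export into dicts; lines that do not match are skipped."""
    return [m.groupdict() for m in map(_LINE.match, text.splitlines()) if m]

def find_unapproved_privileged_additions(events, approved=APPROVED_CHANGES):
    """Return (subject, member, group) for privileged-group additions lacking an approved change."""
    alerts = []
    for ev in events:
        if ev["id"] not in MEMBER_ADDED_EVENTS:   # removals (4729 etc.) are ignored here
            continue
        if ev["group"] not in PRIVILEGED_GROUPS:
            continue
        if (ev["member"], ev["group"]) in approved:
            continue
        alerts.append((ev["subject"], ev["member"], ev["group"]))
    return alerts

if __name__ == "__main__":
    for subject, member, group in find_unapproved_privileged_additions(parse_events(SAMPLE_EVENTS)):
        print(f"ALERT: {subject} added {member} to {group} without an approved change")
```

In a real deployment the events would come from a SIEM or an event-forwarding subscription rather than an inline string, and the allowlist from the change-management system.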
++
Stephen Kowski, Field CTO at SlashNext Email Security
Recent ransomware attacks, such as the ones against Change Healthcare and CDK Global, have demonstrated the devastating impact of these threats on businesses and their customers. The attacks have also raised concerns about the tactics used by threat actors, who may be intentionally targeting companies that provide critical services to increase pressure for ransom payments. As ransomware attacks continue to evolve, it's essential for organizations to prioritize employee training, robust backup strategies, and continuous update cycles for security protocols to mitigate the risks associated with these threats.
##