Written by:
Anne Gotay Ransomware infections can feel like a horror movie monster when they appear in your organization. Like the worst of ghouls, they creep in when least expected and pop up without warning, completely corrupting everything they touch along the way, destructing data and leaving nothing but devastation in their wake.
Ransomware is Monstrously Scary
Movie monsters wouldn’t be frightening if they weren’t dangerous. Like Freddy or Jason, ransomware gives you plenty of reasons to run screaming. Ransomware requires little effort for attackers to launch off en masse, attempting to infect numerous individuals and organizations. Every time ransomware takes over a machine, the average ransom that an organization gets stuck with is $170k.
The cost-to-benefit ratio on these attacks is so good that attacks have risen 158% in North America. The effort to launch an attack is minimal, so attackers can carry out continual onslaughts throughout the year with little risk of getting caught. Attackers continue to watch this trend and are ramping up amounts of bounty and attack frequency to capitalize on vulnerable organizations. For businesses, it is no longer a concern if they will be attacked, but instead, they should plan for the ransomware monster appearing at some point and be ready to deal with it.
Ransomware Is Hard to Eliminate
More savvy attackers have developed ransomware into a platform, delivering ransomware as a Service (RaaS). With this model, they lease out variants of their ransomware or RaaS kits to other attackers, taking some of the proceeds from attacks and reducing the risk of being caught because someone else handles the sending and management of the attack.
Much like other software-as-a-service (SaaS) businesses, these kits are fully featured and come with round-the-clock support. With this model, malware authors can scale their business, enabling other attackers to use their ransomware without any overhead in developing or creating their own unique variety.
Some of these evolving threats include going beyond end-user endpoints and targeting shared storage attached to devices. This amplifies the attack from a narrow scope of systems to a broader set of storage. With organizations adopting the cloud as a backplane for collaboration, high-value data is moved outside traditional security perimeters. This storage is more likely to contain high-value data, driving the likelihood of victims paying the ransom.
Just When You Thought It Was Safe
In the movies, monsters are never completely defeated; they come back again and again in sequels. Much like that crazed shark from Amity Island or that guy who’s been chasing his sister down on Halloween for decades, ransomware follows the same playbook. Once it has shown up and terrorized an organization, that organization remains a target forever. Even for those who break down and pay the ransom, there are no guarantees that the monster will leave and never return. Quite the opposite tends to happen, and even after making a payment, there is no guarantee that you will recover from the ransomware. Almost 32% of victims try to recover their data by paying a ransom but only recover 65% of their data.
Newer variants of ransomware find ways to stick around to pester your organization, even if a ransom is never paid. Before any data is encrypted, the ransomware either creates backdoors for attackers to come to steal data or exports data on its own. Gathering this data allows ransomware groups to conduct secondary extortion attacks.
These attacks, dubbed double and triple extortion, are separate from the ransomware attack to recover data. In these attacks, the cybercriminals demand an additional ransom not to release sensitive stolen data to the public. They make these demands to the company robbed and reach out to those who individually had their data stolen, requesting ransom not to release their records.
Ransomware Hides Better Than the Best Horror Movie Monster
Ransomware relies on subterfuge to avoid detection by signature-based defenses such as antivirus software. By slightly altering the code to create a different signature, the ransomware creates a window of attack opportunity where antivirus software will not detect it. Malware like ransomware uses this technique so prolifically that over 450,000 new malware variants are discovered daily. It takes time for signature-based detection to identify the new strains and augment their signature files.
When Fighting Ransomware and Monsters – You Need an Epic Weapon
Fortunately, all monsters have weaknesses and can be defeated. Making sure the monster never gets a chance to launch its attack is the best way to keep preventing the attack cycle. As ransomware constantly evolves to hide, your organization must adopt technologies that detect malware based on behavior. No matter what disguise the ransomware wears, it follows behavior patterns that identify it as malicious. With behavior-based detection, access can be automatically blocked from malware early on, preventing it from stealing files or encrypting crucial organizational data.
Defense against ransomware is further augmented with a data-first approach to security, implementing controls targeting protecting data. Using fine-grained access controls, even if malware affects a specific individual, the amount of data it can access using its stolen credentials is limited. Augmenting this with threat detection powered by machine learning where infected endpoints can be identified by deviations in their everyday usage, eliminates further access automatically and cuts off the ability for attackers to steal data.
Sotero Defends Your Data
Sotero is your one-stop platform to defend your data against the monstrous ransomware threat. Sotero protects data on-premises and in the cloud, creating a data-first defense against multiple threats, including ransomware. Sotero’s behavior-based threat detection offers proactive protection against known and unknown threats, providing complete visibility across your network. With Sotero, you can better protect your sensitive information and reduce the risk of exposure.
Schedule a demo today to discover how Sotero can help your organization protect its data from the threat of ransomware.