[ad_1]
GUEST OPINION: Despite high levels of awareness and significant investments in security measures, ransomware remains one of the biggest security challenges faced by organisations around the globe.
According to the most recent WatchGuard Internet Security Report, endpoint ransomware detections increased by 627% in Q4 of last year, underscoring the need for security teams to boost their level of protection.
Remaining constantly vigilant is a key part of achieving effective protection. Part of this vigilance needs to be keeping a constant watch on the ever-changing tactics and methods being used to power ransomware attacks.
There are currently three key trends in ransomware that security teams need to understand and take into consideration when putting protective measures in place. They are:
1. The emergence of ‘pseudo ransomware’
Since Russia invaded Ukraine, there has been a significant increase in the level of cyberattacks occurring in both countries. In a number of cases, the attacks have involved a technique dubbed ‘pseudo ransomware’.
|
A pseudo ransomware attack appears to be a conventional ransomware incident, however the attackers are out to cause disruption and losses rather than obtain payment for decryption keys.
Such attacks are dubbed ‘wipers’ as their objective is to wipe or corrupt data on a victim’s IT infrastructure. In some cases what appears to be a ransomware note is provided, however it gives no detail on how a ransom could be paid. In other cases, files were encrypted in a way that didn’t allow decryption.
Examples include WhisperGate, PartyTicket (also known as HermeticRansom), Azov, Somnia, and RU Ransom. These were all novel wipers discovered in Ukraine that masqueraded as ransomware. Meanwhile, CryWiper is a pseudo-ransomware instance found on Russian government networks.
2. The rise of Rust coding
Another interesting trend is an increasing tendency for ransomware gangs to use the Rust programming language to develop ransomware. Rust is a multi-paradigm, general purpose language that emphasises performance and concurrency.
The first known group to use Rust was the Alphv group (also known as BlackCat or Noberus) before other groups followed suit. RansomExx created a new variant in Rust and rebranded it to RansomExx2.
Meanwhile, other operations such as Agenda, Luna, Nokoyawa, and the recently taken-down Hive group have also used variations of Rust programming. While this emerging trend primarily impacts malware analysts and threat researchers, it also affects endpoints, as anti-virus engines may not detect newer programming languages as effectively.
3. The growing popularity of double-extortion attacks
Double-extortion attacks involve a cybercriminal encrypting a target’s files while also stealing a copy. The threat is then made that, if the ransom demand is not met, those files will be released publicly.
Unfortunately, instances of double extortion are occurring at an increased rate. Some groups have threatened victims with distributed denial-of-service (DDoS) attacks or have contacted their clients and customers to coerce payment.
Boosting protective measures against ransomware
With ransomware likely to continue to evolve and attacks increase in number, security teams should follow a set of tried-and-true practices to ensure maximum protection. Teams should focus on strengthening network perimeters, monitoring endpoints for anomalous behaviour, and employing swift incident response protocols.
Other important actions that security teams should take include:
Keep software up to date: Many attacks take advantage of known software vulnerabilities so it is important to apply patches and updates as soon as they become available.
Undertake regular backups: Having a solid backup routine can help the victim of a cyberattack to get systems up and running again as quickly as possible.
Deploy email scanning tools: Such tools can automatically scan incoming email for attachments that contain malware. This can prevent an attack before it has even begun.
Install anti-virus software on endpoints: Take advantage of the latest generation of AV tools with heuristic engines that can detect ransomware behaviour, such as mass-encryption events.
Conduct regular user training: Because more than 90% of malware instances begin with a social engineering attack, organisations need to conduct regular staff awareness training. All should be aware of the threat and their part in maintaining protection.
Ransomware attacks are continuing to grow in sophistication and number. For this reason, it is vital that security teams remain vigilant and undertake the steps needed to ensure their organisation has the best possible protective measures in place.
[ad_2]
Source link