By William Leichter, VP Product Management, Virsec
As the fastest-growing malware threat, ransomware attacks are trending high in the news, targeting organizations and users of all types. Now, with the current COVID-19 pandemic stretching governments, healthcare systems and essential businesses thin, new research from Microsoft shows that ransomware attackers are actively making the crisis worse. They’re hacking and taking complete control of internal systems, forcing healthcare and critical infrastructure organizations to pay a ransom at a time when they can least afford downtime. In many cases, hackers are profiting from the groundwork they laid months ago, before COVID-19 hit.
However, it’s not just critical infrastructure and healthcare organizations at risk – every organization should be taking precautions. Cyber ransom attacks have become a top priority for law enforcement and enterprises around the world because highly-skilled malware developers are constantly taking ransom attacks to a new level. For example, LockerGoga and MegaCortex ransomware pair unique methods of iterating through victim files with destructive disk-wiper functions. Organizations facing this type of event not only have to recover lost data but must restore the entire OS and rebuild their system structure.
Ransomware attacks can use a wide range of techniques to break into systems, find sensitive data, deploy encryption tools, encrypt data, and demand a ransom in exchange for the encryption keys. In fact, the encryption/ransom step is usually the final objective, executed only after multiple other hacking steps have succeeded. To avoid these attacks, it’s crucial to be able to detect and address the threat at each step before it completes: the initial web attack, the command injection, the deployment of ransom tools, and finally the encryption itself. However, if you do find yourself the target of a ransomware attack, it’s important to know how to respond.
Where To Start
When organizations (especially those in critical infrastructure) are faced with a ransomware attack during a pandemic, they have two choices – to pay the ransom or not. Many organizations are historically quick to take the stance of, “Just make this go away – pay the hackers and get my data back.” The issue is that paying up does not mean everything will be instantly fixed. There is a lot of work required to ensure a defense that prevents attackers from continuing to prey on you, and paying up leaves you looking like an easy mark for future attacks. Moreover, you can’t trust that perpetrators will keep their part of the arrangement to let go of the hold on your system and set your data free once you’ve paid the ransom.
The other option is to shut down the entire network, rebuild the system, and restore files from your backups. Initiatives like NO MORE RANSOM help victims recover data without paying attackers and provide decryption tools that allow victims to unlock files. However, this approach is not straightforward either – it can take lots of human resources and months of time for a full recovery.
No matter the decision you make, there is painstaking work to be done following a ransom attack. Day-to-day business must continue, but often without the automation and digital tools that simplify tasks and operational processes.
Avoid Attacks with Improved Defenses
Future-proofing information systems and the application infrastructure against ransom attacks is now essential whether or not you have suffered an attack.
Industrial control and IT infrastructure providers, like Schneider Electric, Aveva, and GHD, have partnered with security industry leaders. Their goal is to define a capable zero-trust infrastructure for high-value information systems. The aim is to stop attacker efforts immediately, as soon as the network, servers, and systems are compromised. Researchers at these companies found that existing security solutions profoundly lack the capabilities needed to properly defend critical services against evolving ransomware in real time.
These solution providers establish partnerships with emerging security technology companies to better equip themselves and their customers with proactive defenses. At the top of the list, they need advanced application controls that are designed on the assumption that attackers will ultimately reach critical systems. Advanced cybersecurity solutions can now provide visibility into essentially every application function at runtime, with real-time insight into workload components as systems execute. Organizations gain confidence in real-time attack detection and in responsive actions taken before attackers seize any files – a win in the battle against ever-changing means of malicious system seizure.
The surest thing of all is that regardless of how much you prepare, hackers will keep on successfully hacking. The question is, will your network be able to fend off their devious methods? Some solutions, like Virsec, are unique in their ability to precisely detect each step of a complex attack within milliseconds and instantly take actions to surgically stop attacks without disruption. By protecting the full attackable surface of an application, it provides application defense-in-depth to stop ransom attacks immediately, regardless of the specific sequence used.
Willy Leichter leads Virsec marketing, with over twenty years of experience in product marketing, product management, outbound marketing, communications, digital marketing, and demand generation. He has worked with a wide range of global enterprises to help them meet evolving security challenges.
With extensive experience in a range of IT domains including network security, global data privacy laws, data loss prevention, access control, email security and cloud applications, he is a frequent speaker at industry events and author on IT security and compliance issues. A graduate of Stanford University, he has held marketing leadership positions in the US and Europe, at CipherCloud, Axway, Websense, Tumbleweed Communications, and Secure Computing (now McAfee).