The Increased Threat of Ransomware

By Jason Headen, April 6, 2022
Ransomware Threat

In 2021, ransomware incidents increased globally across a variety of sectors, including the Defense Industrial Base, Emergency Services, Food and Agriculture, Government Facilities, and Information Technology sectors. Ransomware tactics and techniques continue to evolve and become more professional as ransomware attacks continue to be seen as financially viable. Identifying those involved remains difficult because of the complex networks of developers, affiliates, and freelancers that engage in ransomware activity.

Emerging Trends

The following behaviors and trends emerged among cybercriminals in 2021:

  • Gaining access to networks via phishing, stolen Remote Desktop Protocol (RDP) credentials or brute force, and exploiting vulnerabilities
  • Using cybercriminal services-for-hire
  • Sharing victim information across ransomware networks
  • Shifting away from organizations of high value or that provide critical services after several high-profile incidents
  • Diversifying approaches to extorting money, such as the triple extortion method: threatening to release stolen sensitive information, disrupt the victim’s internet access, and contact the victim’s partners and shareholders
  • Targeting cloud infrastructure
  • Targeting managed service providers
  • Attacking industrial processes
  • Attacking the software supply chain
  • Targeting organizations on holidays and weekends

Mitigation of Ransomware Attacks

The following steps can be taken to reduce the likelihood and impact of a ransomware event:

  • Keep all operating systems and software up to date
  • If you use RDP or other potentially risky services, secure and monitor them closely
  • Implement a user training program and conduct phishing exercises
  • Require multifactor authentication (MFA) for as many services as possible, particularly for webmail, VPNs, accounts that access critical systems, and privileged accounts that manage backups
  • Require all accounts with password logins (e.g., service accounts, admin accounts, and domain admin accounts) to have strong, unique passwords
  • If using Linux, use a Linux security module (such as SELinux, AppArmor, or seccomp) for defense in depth
  • Protect cloud storage by backing up to multiple locations, requiring MFA for access, and encrypting data in the cloud
  • Segment networks
  • Implement end-to-end encryption
  • Use a network-monitoring tool to identify, detect, and investigate abnormal activity and potential lateral movement of ransomware across the network
  • Document external remote connections
  • Implement time-based access for privileged accounts
  • Enforce principle of least privilege through authorization policies
  • Reduce credential exposure
  • Disable unneeded command-line utilities; constrain scripting activities and permissions, and monitor their usage
  • Maintain offline (i.e., physically disconnected) backups of data, and regularly test backup and restoration
  • Ensure all backup data is encrypted, immutable (i.e., cannot be altered or deleted), and covers the entire organization’s data infrastructure
  • Collect telemetry from cloud environments
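Several of the items above (monitoring RDP closely, detecting abnormal activity, and the "stolen RDP credentials or brute force" trend in the previous section) come down to the same operational question: can you tell a password-guessing burst against RDP apart from a user mistyping a password? The following is an added example, not code from the original post or from Atiba: a small Python detector that reads Windows Security log events rendered as simplified `key=value` lines (an assumed format; the sample lines are constructed), keeps only RemoteInteractive logons (LogonType 10, which is how RDP sessions appear), and flags any source IP that produces a burst of failed logons (Event ID 4625) within a short window, noting whether a successful logon (Event ID 4624) from the same source followed the burst.

```python
"""Flag RDP (LogonType 10) brute-force bursts in Windows Security log lines."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in a simplified "timestamp key=value ..." rendering of
# Windows Security log fields; they are not real data from any environment.
# EventID 4625 = failed logon, 4624 = successful logon, LogonType 10 = RDP
# (RemoteInteractive). IPs come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2022-04-06T02:14:01 EventID=4625 LogonType=10 User=admin SrcIP=203.0.113.45
2022-04-06T02:14:09 EventID=4625 LogonType=10 User=administrator SrcIP=203.0.113.45
2022-04-06T02:14:20 EventID=4625 LogonType=10 User=backup SrcIP=203.0.113.45
2022-04-06T02:14:31 EventID=4625 LogonType=10 User=admin SrcIP=203.0.113.45
2022-04-06T02:14:44 EventID=4625 LogonType=10 User=svc_backup SrcIP=203.0.113.45
2022-04-06T02:15:02 EventID=4625 LogonType=10 User=admin SrcIP=203.0.113.45
2022-04-06T02:16:10 EventID=4624 LogonType=10 User=admin SrcIP=203.0.113.45
2022-04-06T08:03:12 EventID=4625 LogonType=10 User=jsmith SrcIP=198.51.100.7
2022-04-06T08:03:40 EventID=4625 LogonType=10 User=jsmith SrcIP=198.51.100.7
2022-04-06T08:04:05 EventID=4624 LogonType=10 User=jsmith SrcIP=198.51.100.7
2022-04-06T09:00:00 EventID=4625 LogonType=3 User=svc_web SrcIP=192.0.2.10
2022-04-06T09:00:01 EventID=4625 LogonType=3 User=svc_web SrcIP=192.0.2.10
2022-04-06T09:00:02 EventID=4625 LogonType=3 User=svc_web SrcIP=192.0.2.10
2022-04-06T09:00:03 EventID=4625 LogonType=3 User=svc_web SrcIP=192.0.2.10
2022-04-06T09:00:04 EventID=4625 LogonType=3 User=svc_web SrcIP=192.0.2.10
2022-04-06T09:00:05 EventID=4625 LogonType=3 User=svc_web SrcIP=192.0.2.10
"""

FAILED_LOGON = "4625"
SUCCESS_LOGON = "4624"
RDP_LOGON_TYPE = "10"


def parse_event(line):
    """Turn one 'timestamp key=value ...' line into a dict; None if malformed."""
    parts = line.split()
    if len(parts) < 2:
        return None
    try:
        event = {"ts": datetime.fromisoformat(parts[0])}
    except ValueError:
        return None
    for field in parts[1:]:
        key, sep, value = field.partition("=")
        if sep:
            event[key] = value
    return event


def detect_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return one finding per source IP that produced `threshold` or more failed
    RDP logons within `window`, noting whether an RDP success followed the burst."""
    failures = defaultdict(list)   # src_ip -> [(ts, user), ...]
    successes = defaultdict(list)  # src_ip -> [(ts, user), ...]
    for line in log_text.splitlines():
        ev = parse_event(line)
        if not ev or ev.get("LogonType") != RDP_LOGON_TYPE:
            continue  # only RemoteInteractive (RDP) logons are in scope here
        if ev.get("EventID") == FAILED_LOGON:
            failures[ev["SrcIP"]].append((ev["ts"], ev.get("User", "?")))
        elif ev.get("EventID") == SUCCESS_LOGON:
            successes[ev["SrcIP"]].append((ev["ts"], ev.get("User", "?")))

    findings = []
    for src_ip, attempts in failures.items():
        attempts.sort()
        # Sliding window: the i-th and the (i+threshold-1)-th failure must lie within `window`.
        for i in range(len(attempts) - threshold + 1):
            first_ts = attempts[i][0]
            last_ts = attempts[i + threshold - 1][0]
            if last_ts - first_ts <= window:
                burst_users = sorted({u for _, u in attempts[i:i + threshold]})
                later_success = [u for ts, u in successes.get(src_ip, []) if ts > last_ts]
                findings.append({
                    "src_ip": src_ip,
                    "failures": len(attempts),
                    "burst_start": first_ts,
                    "users_tried": burst_users,
                    "success_after_burst": later_success[0] if later_success else None,
                })
                break  # one finding per source IP is enough for triage
    return findings


if __name__ == "__main__":
    for finding in detect_rdp_bruteforce(SAMPLE_LOG):
        print(finding)
```

On the constructed sample the detector reports exactly one source: 203.0.113.45, which tried four different accounts (including two backup-related ones) six times in under a minute and then logged on successfully as `admin`; that last field is the one worth paging someone for. The two failures from 198.51.100.7 fall below the threshold, and the 192.0.2.10 failures are excluded because they are network logons (LogonType 3), not RDP. The threshold and window are the two knobs to tune against your own baseline of legitimate failed logons.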


Learn More

Security for digital infrastructure is increasingly important for organizations of all sizes. If the current trends continue, it will not be a matter of “if” a ransomware attack occurs, but rather “when” one will occur. At Atiba we offer a range of services to help meet your needs including:

Atiba can help develop a roadmap to better security and compliance, as well as a plan for what to do in case of a ransomware attack. Reach out to Atiba to find out how you can get assistance and a custom-tailored solution for your needs.
