A Bit of Background...
We gained a bit of notoriety recently for our deep-dive technical analysis and detailed publications surrounding the successful breach and attempted data exfiltration of one of our client environments, perpetrated by the Black Basta ransomware group. While we successfully mitigated a full-blown ransomware event, it has brought back into focus how malicious this type of attack can be and the devastation it can cause when successful. In this post, we’ll rehash some ransomware basics and how you can position yourself to remain reasonably secure.
Ransomware has become one of the most significant cybersecurity threats of the modern digital age. We’ve witnessed a sharp rise in the sheer volume of these attacks, notably in critical infrastructure, the impact of which can be severe.
What is Ransomware?
At its core, ransomware is malicious software that locks a victim's computer, data, and/or systems, making them functionally inaccessible until a ransom is paid. The attackers demand payment, typically in Bitcoin, in exchange for the decryption key that unlocks the files and restores access. In many cases, the attackers threaten to delete the files permanently if the victim does not pay the ransom, or to expose the data on the Dark Web for other threat actors to exploit. Ransomware can be delivered to a target in multiple ways, most often through phishing emails, infected websites, or the exploitation of vulnerabilities in software.
The Rise of Ransomware
The rise of ransomware has been steady over the past few years. In 2015, the FBI's Internet Crime Complaint Center received 2,453 complaints related to ransomware attacks, resulting in losses of over $24 million. By 2016, the number of attacks had doubled, and the losses had quadrupled to over $1 billion. In 2017, the WannaCry ransomware attack affected hundreds of thousands of computers worldwide, including many in hospitals and other critical infrastructure. That particular attack caused billions of dollars in damages and underscored the severity of the ransomware threat.
In recent years, ransomware attacks have become more sophisticated and targeted. Attackers are using social engineering tactics to trick victims into clicking on links or opening attachments that contain ransomware. They are also using more advanced encryption techniques that make it even harder to recover the encrypted data without paying the ransom.
The Impact of Ransomware
The impact of ransomware attacks can be severe. Businesses that are successfully hit by these attacks may lose access to critical data and systems, leading to costly downtime and lost productivity. As mentioned, some attackers use a “double extortion” technique, stealing the data before locking it and then threatening to release it publicly if the ransom is not paid. This adds pressure and can result in reputational damage, regulatory fines, and other legal consequences for the victim.
Preventing Ransomware Attacks
Preventing ransomware attacks requires a multi-layered approach, and even then, there is no magic bullet. The following are some steps that individuals and organizations can take to reduce the risk of a ransomware attack:
- Around the Clock Defense: Threats don't keep 9-to-5 hours; they don't sleep, and neither should your defenses. Whether in-house, automated, or with a 24/7/365 managed defense partner, keep your eyes and ears on network activity.
- Keep Systems Up to Date: Install updates and patches for operating systems, applications, and other software.
- Use Anti-Malware Software: Install and maintain antivirus and anti-malware software to detect and block ransomware.
- Back Up Regularly: Automatically back up critical data to an external source or separate cloud storage.
- Educate Your Users: Train employees and users to recognize phishing emails and other social engineering tactics.
The rise of ransomware is a concerning trend that shows no sign of slowing down. To protect against this threat, individuals and organizations need to take proactive steps to prevent attacks and minimize the impact of any breaches that do occur. By leaning on the tips above, you can stay reasonably sheltered from this threat, though it's important to reiterate that attacks are always evolving and your security posture needs to evolve with them.