The world of cybersecurity moves fast. It seems as though no sooner do you fix one issue than another one pops up. And, it remains true this week too, as ransomware trends evolve.
Only a few days after last week’s warnings, another group of vendors announced serious vulnerabilities and important patches.
For instance:
- VMware warns of a vulnerability in their Workspace One Access, Identity Manager, and vRealize Automation products that allows attackers to gain admin privileges
- Cisco fixed VPN router vulnerabilities that permit attackers to execute arbitrary code
- Kaspersky VPN Clients found vulnerable to local privilege-escalation attack
Sure, these vulnerabilities pose risks, leaving you open to attacks.
And yes, ransomware trends continue to shift as attackers evolve their methods. But, fortunately, Microsoft continues to improve your ability to defend and respond.
Let’s take a look at the latest efforts in the cybersecurity version of ‘The Good, the Bad, and the Ugly’.
New Ransomware Trends
Reports of new ransomware victims continue to make headlines each week.
It’s no surprise when prominent hackers, like the Conti ransomware gang, attack up to 40 victims in a single month. In fact, researchers believe that in the first three months of 2022, the volume of ransomware attacks already matched the total number in 2021.
It’s not all bad news, though. In contrast to these bleak trends, researchers note that ransomware-linked breaches dropped 20% between Q1 and Q2 of 2022. Additionally, while the average (mean) ransomware payout increased in Q2 2022 to $228,125 (up 8% from Q1), the median value dropped by 51% to $36,360.
In other words, although a few businesses end up paying higher ransoms, for the most part, attackers demand less than before. This is due in large part to the fact that businesses are less likely than ever before to simply ‘pay up’.
Of course, this becomes a double-edged sword. Sure, outrageous demands in the millions of dollars are unlikely to be met.
But, what if it were only $100K to resume normal operations? What about $10K? $500?
Is there really ever a point at which it’s OK to simply give in and move on?
Initially, it might sound easy. But, here’s the thing: 80% of victims who pay up are struck a second time.
If more companies continue refusing to pay ransoms, attackers might stop using ransomware.
Until then, you need to consider ransomware a strong threat.
Microsoft Macro-Block Effect
True to their word, Microsoft’s temporary rollback of macro blocking only lasted a few weeks.
However, attackers began changing tactics as soon as Microsoft announced the future blocking of macros back in October 2021.
The use of macro-enabled attachments to deliver malware declined 66% between October 2021 and June 2021. This demonstrates the power of simple changes making big impacts.
However, attackers didn’t go away. Instead, they shifted to other file types such as:
- Container files (ISO, ZIP, RAR) – attacks up 175%
- LNK files – attacks up 1,675%
Once again, you can see how attackers and ransomware trends continue shifting.
Other Microsoft Defenses
While fighting off attacks might feel like an unending game of whack-a-mole, Microsoft continues to add tools and defenses to help defend your systems.
Both Windows 10 and 11 contain a feature called controlled folder access that will deny unknown applications access to files. By default, the feature only protects a few basic folders. You’ll need to manually add any additional directories.
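One way to add directories to controlled folder access with the Microsoft Defender PowerShell cmdlets, shown as an added example that is not part of the original article. The folder paths are hypothetical placeholders, and the script assumes an elevated PowerShell session on a machine where Microsoft Defender Antivirus is the active antivirus.

```powershell
# Added example, not from the original article. Run from an elevated prompt.
# Hypothetical folder paths: replace them with your own data locations.
$extraFolders = @(
    'D:\Finance',
    'D:\Projects'
)

# If the feature is currently off (0), start in audit mode so writes are
# logged rather than blocked while you learn which applications need access.
# An already enabled or audited configuration is left untouched.
$state = (Get-MpPreference).EnableControlledFolderAccess
if ($state -eq 0) {
    Set-MpPreference -EnableControlledFolderAccess AuditMode
}

# Add each directory that exists and is not already on the protected list.
$current = @((Get-MpPreference).ControlledFolderAccessProtectedFolders)
foreach ($folder in $extraFolders) {
    if (-not (Test-Path -LiteralPath $folder -PathType Container)) {
        Write-Warning "Skipping missing folder: $folder"
        continue
    }
    if ($current -contains $folder) { continue }
    Add-MpPreference -ControlledFolderAccessProtectedFolders $folder
}

# Confirm the resulting state (0 = disabled, 1 = enabled, 2 = audit mode).
Get-MpPreference |
    Select-Object EnableControlledFolderAccess, ControlledFolderAccessProtectedFolders

# Review recent activity: event ID 1124 is an audited write, and 1123 is a
# blocked write once the feature is set to Enabled.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message

# Once the audit events show only expected applications, enforce blocking:
# Set-MpPreference -EnableControlledFolderAccess Enabled
```

Legitimate applications that appear in the audit events can be allowed with `Add-MpPreference -ControlledFolderAccessAllowedApplications` before switching to enforcement.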
Windows 11 adds even more safety features, such as an improved Microsoft Defender for Endpoint, which offers an enhanced ability to identify and intercept ransomware. Windows 11 also uses Smart App Control, which blocks ISO, LNK and other files that come from the web – just as Windows blocks macro files.
Other Efforts to Combat New Ransomware Trends
Microsoft isn’t the only group attempting to combat ransomware trends.
For instance, Kaspersky offers a free anti-ransomware tool to prevent attacks, while Bitdefender provides free decryption tools to help victims to decrypt files.
Similarly, the organization No More Ransom, a public-private entity formed six years ago by Europol, the Dutch National Police, Kaspersky and McAfee, helps victims to recover encrypted files.
The FBI also maintains active investigations, and in July, recovered $500,000 paid to the North Korean-affiliated Maui ransomware group, after seizing cryptocurrency accounts.
Help for Defense
Governments, Microsoft, and other vendors will continue to develop resources to combat ransomware trends and attacks.
Yet until these efforts put a significant dent in the number of attacks and overall impact, the defensive burden ultimately lies with you.
You need to evaluate your environment, making use of appropriate tools and technologies. You need to create layers of defense against attack.
For example, even if Microsoft provides tools, or the US government provides Server Message Block (SMB) Security best practices (which recommend blocking the SMB protocol), you still need to make your own evaluation. In the end, only you can determine if these strategies are suitable for you.
Fortunately, you don’t need to make these decisions without help. All you need to do is call on outsource partners like Ideal Integrations, who, along with their cybersecurity division Blue Bastion Cyber Security, will help you evaluate and implement tools and strategies.
Simply call 412-349-6680, or fill out the form below, and our experts can provide a no-obligation discussion of necessary steps to examine your specific organization and propose options for defense.
And, as always, stay vigilant.