Maybe your business is one of the lucky ones. Maybe you’ve never dealt with a data breach, hack, or ransomware attack.
But, if you think of ransomware as something that happens to “the other guys,” you might want to reconsider.
Recent surveys estimate that ransomware attacks targeted 67% of organizations in 2021. Even worse, as high as 16% were hit at least three times.
Attackers’ continued success drives their innovation, keeping them ahead of the tools and methods trying to stop them.
But that doesn’t mean you’re helpless to stop them. On the contrary, knowing these latest methods remains one of the best ways to keep you and your business safe.
Dangers of Open-Source Software
Open-source software is a great way to drive innovation and speed up improvements. It promotes free exchange of ideas and drives advancements.
However, it’s not always used for good.
For example, the Yanluowang ransomware gang recently began attacks, taking advantage of open-source tools to scan networks, stealing passwords from common browsers such as Firefox, Chrome, Internet Explorer and more.
These common open-source tools aren’t usually blocked by endpoint protection software, even for malicious purposes.
Why? Because they’re also used for common, productive reasons.
Fortunately, you can counter these open-source tools with program whitelisting. This blocks any program not explicitly required by your business – at least for regular users.
If you have administrators that want to run these tools, you’ll need to create special credentials and permissions to run them. Sure, it’s an extra step, but it’s one you won’t regret.
To counter credential theft, deploy password management solutions and forbid storing critical passwords in browsers or in local files. These steps also help to counter the similar attacks like Microp ransomware.
This tricky malware starts life as a phishing attack. However, it evades detection from secure email gateways and endpoint protection by using a “safe” hyperlink to Google drive.
The hyperlink accesses a common .mht file (used for archived webpages), which also appears legitimate. That’s when the real damage is done, when it downloads a compressed .rar file containing the malware.
Although advanced endpoint protection software catches many standard ransomware attacks, criminals continue to find clever ways to avoid detection.
For instance, the Lockfile malware only encrypts every 16 bytes of a file. Since the file looks statistically close to the original, standard protection software has a hard time detecting it.
In another case, the Memento ransomware switches to a password protected WinRAR file if their normal encryption method is detected and blocked.
These are only a few of the ways attackers continue to find new, innovative ways to sneak past modern defenses.
Cybersecurity: Beyond Backups
Does your organization rely on backups as a primary defense against ransomware?
It’s certainly a good place to start. After all, if you can easily bring your systems back online after a ransomware attack, then the effects to your business is minimized.
However, the Conti ransomware gang seeks to undermine this method by locating and destroying their victim’s data backups.
Not only that, but over the past two years, as many as 81% of ransomware attackers also stole intellectual property and corporate data as another way to squeeze money from victims.
Even then, double extortion doesn’t satisfy every attacker.
Many ransomware gangs attempt to remain undetected on systems as long as possible, enabling them to monitor emails or steal passwords (internal, customer, and employee alike.)
While undetected, ransomware attackers capture internal email addresses for future phishing scams. Malware gangs use external contacts for not only for phishing, but to make Business Email Compromise (BEC) attacks more credible as well.
Eventually, their ransomware attack launches. At that time, the ransomware gang publicly broadcasts their theft, damaging customer relationships and undermining corporate reputation.
Attackers also put pressure on the ransomware victim through affected customers and employees. Since so many people reuse passwords, every one stolen might be linked to dozens more personal accounts.
In addition to credentials theft, ransomware gangs pursue many other attacks in advance of triggering malware, such as:
- stealing money from bank accounts
- installing adware
- launching cryptomining malware
- selling lead lists from stolen customer data
- selling stolen passwords
- using corporate systems to launch attacks on other victims
The comprehensiveness of these attacks only becomes worse through the use of automation.
Blunting New Ransomware Attacks
There are many other types of attacks besides ransomware.
The FBI recently warned about zero-day attacks on FatPipe VPNs, and hackers installing webshells on servers through Zoho ServiceDesk Plus.
Automated detection and response software will eventually address these methods, it takes time for them to adjust. And no matter how many they find, there are always more.
To limit the damage from new attacks, you must a) focus on protection to limit the number of attacks, and b) monitor to catch any successful attacks as quickly as possible.
As long as cybercrime remains profitable, hackers will keep coming up with new, unique approaches to their craft. But, through strong security practices and employee training, your business has a good chance to remain one of the lucky ones.
Sure, the future of cyberattacks is one full of as many questions as there are answers.
But the most important one is: With ransomware evolving, is your cybersecurity keeping pace?
For a free consultation on available options to improve IT security and monitoring, call Ideal Integrations at 412-349-6680 or fill out the form below.
Our consulting team can provide a no-obligation walkthrough of a full stack of security solutions such as secure email gateways, advanced endpoint protection software, cyberthreat monitoring, and more.