
A Reality Check of Targeted Ransomware Attacks

by CISOCONNECT Bureau

To achieve their desired outcome, threat actors are shifting away from indiscriminate attacks and instead opting for specifically targeted ransomware. Read on to know more…

Ransomware attacks are evolving and becoming more sophisticated. To achieve their desired outcome, threat actors are moving away from opportunistic attacks and instead selecting their targets extremely carefully with specifically targeted ransomware.

According to recent research from Kaspersky, ransomware attacks on high-profile victims increased approximately eightfold from 2019 to 2020. This rise in targeted ransomware coincided with a 29% drop in the overall number of users infected with ransomware of any kind, with WannaCry remaining the most common family.

The highest ransomware demand from 2015 to 2019 was $15 million, according to the Unit 42 Ransomware Threat Report for 2021. The highest demand increased to $30 million by 2020.

Attack Scenarios
The attackers are striking at the most essential and valuable elements of the network, in addition to specific enterprises. High-profile targets, such as enterprises, government and municipal agencies, and healthcare organisations, are frequently selected by threat actors for targeted ransomware attacks. In some of these attacks, the malware is also custom-made to infect each unique victim. This is frequently done without concern for ethical considerations.

These attacks are far more sophisticated, with capabilities for network compromise, reconnaissance, data exfiltration, and persistence or lateral movement, which gives the threat actors more incentive. The threat actors have attacked COVID-19 vaccine research and other sensitive personal data, for instance, with such dire repercussions that even the most steadfast CISOs are having nightmares.

Modus Operandi
The attackers use customized Tactics, Techniques and Procedures (TTPs) to target highly specific organisations depending on their ability or need to pay huge ransoms, a practice known as “big game hunting”.

These attackers are resourceful, making a considerable effort to learn a victim’s technology stack in order to identify and exploit security flaws, as well as locate the most valuable data to encrypt and hold for ransom. The attackers are also very patient, escalating privileges to get around security measures and avoiding detection for months before dropping and distributing the ransomware payload.

Meanwhile, the attackers also target data backups and encrypt them in order to prevent the organisation from being able to restore files that have been encrypted. And these attackers expect to be rewarded for their extra effort. The Hades ransomware attack is a recent example of this long-tail, targeted technique.

The most concerning aspect of targeted ransomware attacks is that just because an organisation has been targeted once does not guarantee it will not be targeted again.

Mitigation
Malicious programmes with pinpoint targeting are difficult to detect using traditional security safeguards. To stop threat actors as they try to migrate away from their initial infected system, traditional firewalls, endpoint protection, and detection and response tools require the support of an in-network strategy. In other words, a multi-layered defence is the answer to targeted ransomware attacks.

Deception strategies to entice threat actors away from the real IT environment, as well as concealment techniques to hide it from, and deny access to, even the most intelligent of attackers, can help organisations build their layered defences. While this is going on, crucial data and network services such as Active Directory stay safe and secure.

A single endpoint security solution, whether it’s endpoint detection and response, anti-virus, or anything else, isn’t adequate to keep every threat at bay. It’s a good idea to adopt an assume-breach mindset, so that even if ransomware does get into an organization’s environment, the chances of files being encrypted by it are limited.

Finally, a defense-in-depth strategy is required, with a range of security controls to close gaps, decrease exposure, and improve overall security posture.

Concluding Words
Targeted ransomware assaults are on the rise, and there’s no sign that they’ll be slowing down anytime soon. Targeted ransomware attacks are one of the most pernicious security threats that businesses face today. They have the potential to cause massive financial and operational damage to enterprises, as well as the loss of employment from the C-suite to the security teams.

Organizations can benefit from high-fidelity alerts and also gain valuable incident response time by adding an invisible layer of deception and concealment technologies to their existing defences. After learning everything there is to know about their would-be attacker, the defender can gain the upper hand.
