Most of the organizations surveyed by Titaniam have backup and security prevention tools in place, but nearly 40% were still hit by ransomware in the last year.
Traditional cybersecurity products were once enough to protect organizations against viruses and attack attempts. But today’s cyber threats are more pervasive, more sophisticated and destructive, requiring stronger security safeguards. A report published Thursday by cybersecurity firm Titaniam examines the inability of traditional security products to fight ransomware in particular.
UNDERSTAND: How to become a cybersecurity expert: A cheat sheet (TechRepublic)
For myself Report data filtering and extortion, Titaniam commissioned CensusWide to survey 107 IT security professionals in the US about their experience with cybersecurity and ransomware. Of the respondents, more than 75% said they have tools in place to protect, prevent and detect data, as well as backup and restore data. To protect their data, surveyed experts pointed to technologies such as encodeincluding encryption at rest and encryption in transit; cover data; and encode.
Data filtering thwarts traditional security efforts
However, the defenses in place have failed to protect organizations against ransomware attacks. Almost 40% of them have been hit by ransomware in the last year, while more than 70% have witnessed such an attack against them in the past five years.
One trick increasingly favored by ransomware gangs is double blackmail. In this type of incident, the compromised data is not only encrypted, but also retrieved by the attacker. Unless the ransom is paid, the criminals vow to not only encrypt the hacked data, but release it publicly. This means that just backing up data is not enough to prevent a ransom demand.
With data scraping efforts up more than 100% from five years ago, 65% of respondents hit by ransomware also had data stolen or compromised. Of those victims, 60% said the attackers used the stolen files to blackmail them by threatening to leak data. As a result, 59% of them feel they have no choice but to pay the ransom.
Understanding the different stages of ransomware attacks
With data theft and double blackmail tactics, how can organizations better protect themselves from ransomware attacks? Titaniam CEO and founder Arti Raman offers some advice.
“You can’t protect yourself against something you don’t understand, so the first thing organizations need to do is analyze how and why ransomware attacks happen and examine them under the hood,” Raman said. their organizational perspective. “Specifically, ransomware attacks consist of three distinct phases: penetration, data destruction, and system locking through encryption.
“Success at any of these stages leads to victory for the attackers, as they now have more leverage to blackmail victims.”
The different stages work as follows:
- Intrusion: After breaking into the network, attackers can monitor the victim’s behavior and install backdoors. This type of exploit can be sold as information or as access to other criminals.
- Data filtering: This can be the most profitable stage, as attackers can use stolen information to demand ransom from victims, their customers, their partners, board members and even their employees.
- System Lock: Attackers can prevent victims from accessing their own systems, especially damaging if an organization lacks proper backup and recovery methods.
“Once you understand these three things, it becomes clear that each has to be counted separately in your ransomware and extortion defense strategy,” explains Raman.
UNDERSTAND: Ransomware: How executives should prepare for the current threat landscape (TechRepublic)
Protect the network against ransomware attack stages
First of all, organizations must invest in prevention and detection systems to minimize intrusions. However, this is only the beginning, as attackers can still take advantage of stolen credentials to bypass these types of tools.
To prevent data intrusion, organizations must invest in all three types of encryption, encryption at rest, encryption in transit, and most importantly, encryption in use. The latest type of protection available, encryption is being used securing both structured and unstructured data while it is in active use. With this level of encryption, attackers using stolen credentials cannot access data even with privileged access. They also cannot get dumped data from memory or by querying the database. As a result, encryption is being used as a solid defense against the data-related aspects of ransomware attacks.
In the event that an attacker is able to break into the network, organizations can prevent system lockouts by investing in backup and recovery solutions.
“Focusing on just one or two… is definitely not enough, as evidenced by the thousands of successful ransomware attacks that have taken place this year,” Raman said. “A complete ransomware defense strategy should include all three.”
However, ransomware gangs increasingly tend to focus more on stealing data and less on locking down the system, according to Raman. For attackers, it seems easier to steal data and threaten to expose it than to risk getting caught while taking the time to encrypt files and deal with decryption technology.
Therefore, according to Raman, it is better for companies to focus on developing strategies to minimize data intrusion along with reducing intrusion attempts and system locking.
