Editor’s Note: The following is a guest article by Sebastian Goodwin, Nutanix Chief Information Security Officer.
Over the past decade, ransomware has become the de facto tactic of cybercriminals looking for quick cash.
And why? With average ransomware payouts approaching $1 million, many criminal groups now sell tools and services on specialized ransomware-as-a-service marketplaces.
With nearly every business already connected to the Internet at all times, global ransomware damages are expected to reach $265 billion annually over the next decade.
In practice, this means that organizations will soon face the reality of being attacked every two seconds by threat actors who continue to evolve their tools and tactics.
Doing business in this world can seem daunting, but modern cybersecurity approaches are working to keep up with the rise of ransomware.
As a result, CISOs looking to apply advanced thinking to ransomware defense can integrate new processes and tactics when developing their cybersecurity strategy.
What’s your name? Ransomware types by description
Today’s ransomware can come from many professional groups and attackers. To further complicate matters, some criminal groups sell ransomware under an as-a-service business model, allowing anyone with a bank account or cryptocurrency wallet to automate ransomware attacks via the dark web.
The most common types of ransomware fall into six categories:
- Crypto Ransomware: After infiltrating individual workstations and systems, this type of ransomware finds files and encrypts them, making them unusable. Victims are pressured to pay the ransom or else permanently lose access to their data or have it deleted permanently from the system.
- Locker Ransomware: Crypto-style ransomware blocks access to individual files, while locker-type ransomware affects the entire machine, preventing users from accessing files and programs until the ransom is paid. Generally, this type of ransomware affects computer systems, but some are specifically created to lock down IoT and smart home devices.
- Ransomware as a Service: This type of ransomware, marketed by anonymous hacking groups, automates the process of targeting businesses, infiltrating networks, collecting payments, and returning files. These tools make it easier than ever to attack individual users and organizations using sophisticated ransomware techniques for a fraction of the revenue or a flat fee.
- Scareware: A type of ransomware that tries to scare users into downloading malware disguised as an antivirus program or into paying a ransom. Scareware may display pop-up style images and use fake or simulated programs to make it appear that files have been stolen or encrypted.
- Leakware/Doxware: Leakware, also known as Doxware, is a dangerous type of ransomware that can infiltrate systems and expose sensitive user data. It is most dangerous for organizations and companies that store or manage personal information, and it demands ransom money to get the data back.
- Double Extortion: Recent types of ransomware often involve multiple aspects of the above attacks. Double extortion attacks use a combination of tactics to compromise systems and encrypt, steal, and hold sensitive data for ransom. Unlike other attacks, double extortion attacks require separate ransoms for returning data and for decrypting, forcing victims to pay multiple times throughout the process.
The diversity and complexity of today’s ransomware environment mean that traditional antivirus software and firewalls are inherently ineffective, and relying solely on them will put businesses at risk of losing productivity, data and, perhaps most importantly, customer trust.
Without up-to-date security practices, affected organizations’ IT teams spend less time supporting the development of new products and services, and more time on lengthy investigations of affected storage systems, data recovery, and interacting with emergency consultants.
Hack against future hacks
One way to modernize security is to proactively integrate protection directly into your storage systems. In this way, security teams can not only detect and mitigate the risk of attacks, but also successfully recover structured and unstructured data while analyzing the attack source.
This approach also facilitates several features that future-proof systems against cyber threats.
Abnormal behavior detection
A common ransomware attack encrypts a large number of files and generates multiple read, write, and rename events. Enterprises can now integrate built-in threat models to detect this type of activity and generate ransomware threat alerts.
When anomalous behavior indicates an attack, configurable remediation policies trigger automatic responses to block offending client sessions or IP addresses.
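A minimal sketch of the burst detection and blocking policy described above, as an added example that is not from the article or any vendor's product. The event tuple layout, the thresholds and the client addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed thresholds and event schema; not taken from any product.
WINDOW_SECONDS = 10
MAX_MODIFY_EVENTS = 5   # writes + renames allowed per client per window

def detect_bursts(events, window=WINDOW_SECONDS, limit=MAX_MODIFY_EVENTS):
    """Return {client_ip: alert_timestamp} for clients whose write/rename
    rate exceeds the limit inside a sliding time window."""
    recent = defaultdict(deque)   # client_ip -> timestamps of recent modify events
    blocked = {}
    for ts, client_ip, op, path in sorted(events):
        if client_ip in blocked:
            continue              # remediation policy: session already blocked
        if op not in ("write", "rename"):
            continue              # reads alone do not count toward the burst
        q = recent[client_ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # drop events that fell out of the window
        if len(q) > limit:
            blocked[client_ip] = ts
    return blocked

def build_sample_events():
    """Constructed sample: one normal client and one mass-encrypting client."""
    events = []
    # 10.0.0.5 edits a document every 30 seconds (normal use).
    for i in range(6):
        events.append((i * 30, "10.0.0.5", "write", f"/share/report_v{i}.docx"))
    # 10.0.0.9 reads, rewrites and renames one file per second from t=100.
    for i in range(8):
        t = 100 + i
        events.append((t, "10.0.0.9", "read", f"/share/doc{i}.pdf"))
        events.append((t, "10.0.0.9", "write", f"/share/doc{i}.pdf"))
        events.append((t, "10.0.0.9", "rename", f"/share/doc{i}.pdf.locked"))
    return events

if __name__ == "__main__":
    for ip, ts in detect_bursts(build_sample_events()).items():
        print(f"ALERT t={ts}s: blocking client {ip} (write/rename burst)")
```

The limit has to be tuned against legitimate bulk jobs such as backups or migrations, which produce the same event pattern and would otherwise be blocked.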
Make a fileset immutable
By changing data to read-only as it is written to the storage system, enterprises can create immutable file sets and set retention dates on immutable files to protect data from modification or deletion until the retention period expires.
Data once written cannot be modified or deleted, protecting your most sensitive data from malicious attacks and ransomware.
Separate management network
Isolating the management network from the read/write traffic used by data services is very helpful in protecting data residing on shared file storage.
By managing multiple virtual networks more effectively, you can also further reduce your attack surface and apply appropriate controls to prevent intruders from accessing sensitive data residing on these networks.
Sharp, Strategic, Safe
Cyberattacks are inevitable and ransomware is a significant and growing threat to all businesses. In today’s cybersecurity landscape, enterprises need to be more proactive: they must hunt for threats, quickly detect and remediate them to recover and restore operations in real time, and efficiently respond to resulting regulatory and legal demands.
While CISOs and their teams can’t completely prevent ransomware from targeting their businesses, the rise in attacks has prompted them to implement more efficient data management and security strategies to future-proof their systems. The rise also emphasizes that it is time to build and establish protections for vulnerable central storage.