Vectra, network threat detection and response (NDR) solutions provider, has disclosed that cybercriminals’ most effective weapon in a ransomware attack is the network itself, which enables the malicious encryption of shared files on network servers, especially files stored in infrastructure-as-a-service (IaaS) cloud providers.
Attackers today can easily evade network perimeter security and perform internal reconnaissance to locate and encrypt shared network files. By encrypting files that are accessed by many business applications across the network, attackers achieve an economy of scale faster and far more damaging than encrypting files on individual devices.
According to the Vectra 2019 Spotlight Report on Ransomware, recent ransomware attacks cast a wider net to ensnare cloud, data centre and enterprise infrastructures. Cybercriminals target organisations that are most likely to pay larger ransoms to regain access to files encrypted by ransomware. The cost of downtime due to operational paralysis, the inability to recover backed-up data, and reputational damage are particularly catastrophic for organisations that store their data in the cloud.
“The fallout from ransomware attacks against cloud service providers is far more devastating when the business systems of every cloud-hosted customer are encrypted,” said Chris Morales, head of security analytics at Vectra. “Today’s targeted ransomware attacks are an efficient, premeditated criminal threat with a rapid close and no middleman.”
Ransomware is a fast and easy attack with a bigger payout than stealing and selling credit cards or personally identifiable information (PII), both of which have perishable values as time passes after their theft. Factor-in cryptocurrency as the ransom payment – an anonymous, hard-to-trace currency – and it’s easy to see why cybercriminals like ransomware’s clean, no-fuss business model.
“Our research indicates that 53% of organisations say they have a ‘problematic shortage’ of cybersecurity skills today and the ramifications of it are very evident with fast-moving ransomware attacks,” said Jon Oltsik, senior principal analyst at the Enterprise Strategy Group. “The industry simply doesn’t have enough trained security folks scanning systems, threat hunting or responding to incidents. This Spotlight Report offers important insights into the weaponization, the shift from opportunistic to targeted attacks, and the industries targeted by ransomware that can help organisations be better prepared.”
Artificial intelligence can detect subtle indicators of ransomware behaviors and enable organisations to prevent widespread damage. When organisations recognise these malicious behaviors early in the attack lifecycle, they can limit the number of files encrypted by ransomware, stop the attack from propagating, and prevent a disastrous business outage.
The 2019 Spotlight Report on Ransomware is based on observations and data from the 2019 Black Hat Edition of the Attacker Behavior Industry Report, which reveals behaviours and trends in networks from a sample of over 350 opt-in Vectra customers. The Attacker Behavior Industry Report provides statistical data on the behaviors motivated attackers use to blend in with existing network traffic behaviors and mask their malicious actions.