Ransomware’s New Game is a Killer
The GandCrab ransomware reportedly earned more than $2 billion for its developers in less than two years. Much of the money was the result of their use of RaaS to distribute their malware. By establishing a network of affiliate partners, GandCrab’s authors were ready to spread their ransomware widely and scale earnings dramatically by taking a slice of each attack.
With the addition of two additional prevalent ransomware variants to the RaaS sales model, ransomware not only continues to be a transparent and present danger to enterprise organizations, but organizations can expect a big uptick within the volume and severity of attacks for the approaching year. By using the RaaS model, the authors of malware like Sodinokibi and Nemty are significantly lowering the bar for launching attacks, making ransomware even more accessible and profitable for a growing pool of bad actors.
Protection Requires Preparation
As cybercriminals expand the RaaS market with new ransomware variants to expand their earning potential, enterprises need to significantly intensify their efforts to guard themselves. Bad actors are focusing their attacks to realize maximum impact and profitability, often combining highly targeted attacks with increasingly stealthy and unexpected methods. Organizations that prepare now stand the best chance of withstanding this latest wave of malicious criminal activity.
- Patch and update your operating systems, devices and software.
- Use inventory tools and IOC lists to prioritize which assets are at the foremost risk.
- Update your network IPS signatures and your device antivirus and anti-malware tools.
- Back up your systems and store backups offline, alongside any devices needed for network recovery.
- Run recovery drills and pre-assign responsibilities so systems are often restored quickly in the event of a successful breach.
- Update your email and web security gateways to see email attachments, websites, and files for malware.
- Use a sandbox to execute and analyze new or unrecognized files during a safe environment.
- Block advertisements and social media sites that haven’t any business relevance.
- Use zero-trust network access that has virus assessments so users can’t infect business-critical applications, data, or services.
- Inspect and block bring-your-own-devices that don’t meet the safety policy.
- Use application whitelisting to stop unauthorized applications from being downloaded or run.
- Prevent unauthorized SaaS applications with a CASB solution.
- Segment your network into security zones to stop the spread of infection.
- Use forensic analysis tools to spot where and infection came from, how long it’s been in your environment, make sure you have removed all of it from every device, and ensure it doesn’t come.
- Plan around the weakest link in your security system – the people that use your devices and applications. Training is important but limited. Proper tools, like secure email gateways, for instance, can eliminate most if not all phishing emails and malicious attachments.
Protection Requires Preparation
As cybercriminals expand the RaaS market with new ransomware variants to expand their earning potential, enterprises need to significantly intensify their efforts to guard themselves. Bad actors are focusing their attacks to realize maximum impact and profitability, often combining highly targeted attacks with increasingly stealthy and unexpected methods. Organizations that prepare now stand the best chance of withstanding this latest wave of malicious criminal activity.
Download Free Fortinet Resource
Get access to authentic content from one of the leading security experts in the world from the Philippines’ premier technology provider.
