One thing is clear: no one is safe from ransomware attacks. What is changing, however, are attack modes as threat actors adjust their methods based on evolving mitigation methods being employed.
For several years, ransomware has been viewed as a type of malware that locks or encrypts the system or data and demands a ransom payment to restore access to systems and data. Ransomware takes an organization’s dependence on technology and tries to use it to force them into paying the ransom. With the rise in ransomware attacks, which saw a 229% increase in reported attacks from 2017 to 2018, a number of effective mitigation strategies have emerged, thus making it less profitable for threat actors to use.
As a result, new forms of ransomware have started to emerge. Looking at them from the traditional CIA Triad, these attacks hit:
In the more common of these new attacks, instead of targeting availability, victims are threatened with loss of confidentiality, unless the ransom is paid. The most high profile current example is Maze ransomware, which not only encrypts a victim’s data — as happens with all Windows ransomware — but also exfiltrates it before the encryption process begins, so that they can use it to pressure the victim to pay whatever ransom has been demanded. Another example of this that is currently being seen is Clops where the data is posted to the CL0PS site.
What does this mean? That security professionals cannot afford to neglect Integrity Ransomware attacks as they appear to be trending upwards.
In assessing threat risks, security analysts generally try to determine whether they are vulnerable to the threat, a likely target of the threat, and what damage could occur if the threat resulted in a successful attack. All three legs of the CIA Triad should be examined when performing this analysis.
Executives typically focus on preventing loss of confidentiality since these breaches typically result in fines, brand damage, loss of customer confidence due to identity theft, high remediation and credit card replacement costs, and public embarrassment.
Accordingly, some basic precautionary measures to take include:
As ransomware attacks continue to increase, the best defense is to plan ahead, leveraging strategies to help keep your organization ahead of hackers as they refine their attack modes.