In the two years since I wrote an article on ransomware, this issue has continued to plague individuals and companies worldwide.
So, what’s new in 2019?
WannaCry is still launching 3,500 successful attacks per hour
- Source: techrepublic.com
The good news is that perimeter and endpoint protection created to combat these threats has become more common and more sophisticated, but sadly so have the ransomware attacks.
WannaCry, one of the most notorious ransomware cryptoworms, continues to cause worldwide damage years after its most notorious worldwide cyberattack of May 2017. WannaCry is still responsible for 3,500 successful attacks per hour according to research published by security firm Armis this May, which noted that "a single WannaCry infected device can be used by hackers to breach your entire network."
Where is ransomware heading?
An article from Recorded Future outlines four interesting trends of 2019:
- The ransomware market will continue to grow, but few campaigns will have impact
- Successful ransomware campaigns will continue to rely on open RDP
- GandCrab will buck trends #1 and #2 above, and somehow be successful
- Nation-States and cybercriminals will continue to blend ransomware attacks
Ransomware attacks on businesses are still on the rise but the growth has slowed significantly. A recent Malwarebytes report found overall business detections of malware rose by 79% over the last year while ransomware detections in the business world only rose by 9%.
Business detections of malware rose by 79% over 2018
- Source: malwarebytes.com
Specific families of ransomware are still on the rise. Malwarebytes has found a sharp increase in Troldesh ransomware, also known as “Shade,” between Q4 2018 and Q1 2019. Other big players from this period to watch out for are SamSam and GandCrab.
The data shows that ransomware is losing ground to other malicious activity such as cryptojacking, which is the malicious mining of cryptocurrency. As defined by Enterprise Times in Cryptojacking 101, “the crooks get code onto your devices without your permission to mine for cryptocurrency using your equipment and your resources.”
How to combat ransomware
It is increasingly important to have the right policies and tools to prevent, detect and respond to cybersecurity threats. The focus of this blog is the change in ransomware trends rather than selecting a tool to combat it, as the latter topic is worthy of an entire blog. I can, however, offer some general advice on the subject.
Cryptojacking surged by 450% over the course of 2018
- Source: securityintelligence.com
Sophos released a valuable report, Standing Up to Cryptojacking: Best Practices for Fighting Back, that is worth reviewing for information on this growing threat. In short, they recommend a layered approach similar to protecting against ransomware. The risks and methods of protection remain the same, so check out my original article for a quick refresher.
There is no single solution to suit all businesses. You must strike a balance between security, cost and usability that is right for your organisation. In order to do this, you must understand what you’re trying to protect and define your requirements. Questions to ask include: What is your BYOD policy? Do you have many mobile workers? Do you plan to protect smartphones? Do you have a hybrid on-prem/cloud environment? Do you need to integrate with other existing security tools? Are you looking for one solution to protect both your user devices and servers?
When shortlisting vendors, look for a solution that:
- Rates well in independent tests for real-time protection
- Has a small footprint on protected devices
- Includes centralised management and alerting
- Has proven “next-generation” protection with behaviour analysis, learning, forensics and analytics, ransomware protection and threat intelligence.
In short, there is no one-size-fits-all solution. Sandfield can help you check you have the correct level of protection in place to suit your risk profile.
Many ransomware attacks use phishing as the method of infiltration. Watch this space for my next blog post on How to Spot a Malicious Email.