Attack of the Ransomware

It’s the nightmare that never ends. Ransomware attacks are becoming more rampant as time goes on and are going as far as affecting people’s daily lives. Experts predict that there will be a ransomware attack every 11 seconds in 2021, a significant increase from one attack every 40 seconds in 2016. According to a report by Chainalysis, ransomware gangs made at least $350 million in ransom payments last year, a figure that is only expected to increase.

Just last May, the Colonial Pipeline fell victim to a ransomware attack by the group DarkSide. This caused the company to halt all pipeline operations and caused a gas shortage in the US which, consequently, caused panic buying across the country. This attack underlines the vulnerabilities faced by utilities and infrastructure companies specifically. Private enterprises across all industries are up against sophisticated and complex attacks that can do a lot of harm.

Ransomware has evolved into something complicated and dangerous for all industries and institutions. There have been reports of ransomware attacks targeting schools. In November of 2020, Baltimore County Public Schools systems were shut down by a ransomware attack, which halted online classes for a few days for 115,000 students. A ferry service that transports people to and from Martha’s Vineyard also fell victim to an attack, which caused numerous delays. Most devastating of all, however, are the ransomware attacks targeting healthcare organizations and hospitals.

As healthcare institutions and organizations navigate their way through this global pandemic, the industry has also been experiencing an increase in attacks by cybercriminals. Government officials have expressed their concerns about the growing ransomware threats this past year. According to Security Magazine, these attacks are able to limit or completely shut down access to critical care for patients in need, forcing healthcare institutions to comply with the attackers’ demands. Last year, University of Vermont Medical Center was hit by a ransomware attack, and it took nearly a month to regain access to the medical records. As a result, treatments for chemotherapy patients were delayed, and patients were sent to other centers to be treated.

Modern-day ransomware continues to be a major source of concern for government officials, CISOs, and infosecurity teams at large and small businesses. It is not the same old ransomware that people are used to. Only a few years ago, ransomware attacks used the “spray and pray” method of scattering ransomware all over the internet, hoping to make a hit. Today’s attacks are calculated and are carried out by sophisticated actors. Ransomware groups have evolved into syndicates and have grown into large, transnational criminal enterprises that make billions in revenue. Examples of ransomware actors are Ryuk, Egregor and REvil/Sodinokibi.

Active since August 2018, the Ryuk ransomware threat is notorious for targeting businesses, hospitals, and government institutions. The group behind it is known for using manual hacking techniques and open-source tools to move through private networks and gain administrative access to as many systems as possible. Ryuk caused millions of ransomware attacks globally last year, primarily targeting the healthcare sector. It was responsible for the massive attack on Universal Health Services, one of the largest US health systems, back in October 2020.

Egregor is a relatively new ransomware that is making its way to the top. It uses “double extortion,” which relies on stolen data published on leak pages to pressure victims to comply with its demands. Reports say that Egregor has claimed at least 71 victims across 19 different industries worldwide.

REvil/Sodinokibi, first seen in June 2020, was reported to be auctioning off stolen sensitive data from companies. The developers of this ransomware claim that they have made over $100 million in one year by extorting large businesses across the world, including companies like GEDIA Automotive Group, Travelex, and Kenneth Cole, to name a few.

These are just a few of the ransomware groups that businesses should be wary of; the list is expanding and evolving rapidly. Since 2019, at least 10 Ransomware as a Service (RaaS) groups have emerged, with another 9 groups labeled as “rising” powers. With the growing number of attacks and threats, ransomware has affected not only large- and small-scale businesses and institutions but the average person as well. It is even more apparent now that establishing a concrete and advanced cybersecurity plan is a must for all industries across the globe.

How Illusive can help

Illusive offers a three-pronged approach that can paralyze advanced ransomware attacks. First, it identifies and eliminates extraneous cached credentials and pathways that are created through legitimate connectivity between devices (e.g., Shadow Admins or RDP sessions). Second, it replaces those extraneous lateral movement pathways with customized deceptive stories that appear attractive to threat actors. This way, threat actors will launch their attacks on the deceptive hosts rather than the production hosts. Lastly, if ransomware attempts to encrypt a production host, it will be diverted by deceptive data contained on that host. This sends an alert to the organization so it can block the malicious activity on the device before the host is encrypted and the ransomware spreads to other hosts.
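The third prong, deceptive data on a production host that raises an alert when something tries to encrypt it, can be illustrated with a generic decoy-file tripwire. This is an added example, not Illusive’s product or code; the file names, the 7.0 bits-per-byte entropy threshold and the function names are assumptions made for illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ciphertext approaches 8.0, plain text sits far lower."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def plant_decoys(directory: str, names: list) -> dict:
    """Write decoy files and return a baseline {path: sha256} for later checks."""
    baseline = {}
    for name in names:
        path = os.path.join(directory, name)
        body = (f"Decoy record for {name}\n" * 64).encode()  # constructed bait content
        Path(path).write_bytes(body)
        baseline[path] = hashlib.sha256(body).hexdigest()
    return baseline


def check_decoys(baseline: dict, entropy_limit: float = 7.0) -> list:
    """Return (path, reason) alerts; no legitimate process should touch a decoy."""
    alerts = []
    for path, digest in baseline.items():
        if not os.path.exists(path):
            alerts.append((path, "missing_or_renamed"))  # e.g. an extension was appended
            continue
        data = Path(path).read_bytes()
        if hashlib.sha256(data).hexdigest() != digest:
            reason = "encrypted_like" if shannon_entropy(data) > entropy_limit else "modified"
            alerts.append((path, reason))
    return alerts


def demo() -> list:
    """Constructed scenario: one decoy overwritten with random bytes, one renamed."""
    with tempfile.TemporaryDirectory() as tmp:
        baseline = plant_decoys(tmp, ["payroll_2021.txt", "patients.txt", "backup_keys.txt"])
        paths = list(baseline)
        Path(paths[0]).write_bytes(os.urandom(4096))  # stands in for ciphertext
        os.rename(paths[1], paths[1] + ".locked")
        return check_decoys(baseline)
```

Because no legitimate workflow reads or writes the decoys, any alert from `check_decoys` is a high-confidence signal that can drive host isolation before real files are reached.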

Completely eliminating threats and attacks is impossible, but putting in place cybersecurity measures that protect the organization and identify bad actors early on greatly reduces the risk of a breach. Early detection of cyberattacks is key to protecting a company’s network from being infiltrated and its sensitive data from being stolen.

——

References:

Wilson, Mike. “Colonial Pipeline Shows How Not to Handle a Ransomware Attack.” American Banker, 28 June 2021, www.americanbanker.com/opinion/colonial-pipeline-shows-how-not-to-handle-a-ransomware-attack.

“Major Ransomware Threat Groups & What Makes Them Effective.” Illusive, 19 Mar. 2021, illusive.com/resources/illusive-blog/the-major-ransomware-threat-groups-and-what-makes-them-effective.

Homer, Andrew. “Healthcare’s next Emergency: Ransomware Follows in the Footsteps of the Pandemic.” Security Magazine, 18 May 2021, www.securitymagazine.com/articles/95235-healthcares-next-emergency-ransomware-follows-in-the-footsteps-of-the-pandemic.

Kelly, Heather. “Ransomware Attacks Are Closing Schools, Delaying Chemotherapy and Derailing Everyday Life.” Washington Post, 5 June 2021, www.washingtonpost.com/technology/2021/07/08/ransomware-human-impact.

Balaban, David. “Attacks On Healthcare Sector Are On The Rise.” Forbes, 3 June 2021, www.forbes.com/sites/davidbalaban/2021/05/30/attacks-on-healthcare-sector-are-on-the-rise/?sh=6cf48f6c264c.

Constantin, Lucian. “Ryuk Ransomware Explained: A Targeted, Devastatingly Effective Attack.” CSO Online, 19 Mar. 2021, www.csoonline.com/article/3541810/ryuk-ransomware-explained-a-targeted-devastatingly-effective-attack.html.
