SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Sophos Rapid Response puts out the ransomware fire
Mon, 18th Jan 2021

In its basic form, ‘the internet’ is simply billions of cables, servers, and networks. This conglomeration of technology has changed the way we communicate and revolutionised the way we do business. It's been the backbone of some very successful businesses, yet it is the very channel that can bring a successful business to its knees, almost instantly.

While legitimate businesses have reaped the benefits of this increased connectivity, so too have less legitimate ‘businesses’. The internet has attracted criminals who see the billions of cables, servers and networks as a conduit for nefarious activities carried out for financial gain.

One such activity is the ransomware attack, with 51% of organisations experiencing a ransomware attack last year.

Ransomware is a type of malware that infiltrates a network, encrypts sensitive data, and holds it to ransom. Ransomware attackers threaten to permanently lock the encrypted data unless victims pay for decryption. In some cases, even when the victims pay the fee, the data remains locked, and the criminals walk away richer while the victims remain at a loss from both a data and financial standpoint.

According to Sophos' The State of Ransomware 2020 report, almost three-quarters of ransomware attacks in 2020 encrypted victims' data, and just 26% got their data back from paying the ransom (the rest got it back from backups).

Behind the scenes, those who create and distribute ransomware aren't sticking to the same tactics they've used since The AIDS Trojan popped up in 1989.

In 2020, ransomware attackers focused on server-based attacks, which are targeted, sophisticated, and take a lot of effort to deploy - so they're going after high-value targets, according to the Sophos report.

Ransomware-as-a-service (RaaS) attacks go for a scattergun approach - they target as many victims as possible and often demand lower ransoms than targeted attacks. These have been dubbed by some as the 'fast food franchise' of ransomware because they're fast and easy to deploy. Those offering RaaS are making their money off other criminals who pay for the service to conduct their own attacks.

There are also ‘spray and pray' attacks, which are similar in that they are mass-developed ransomware attacks that are easy to create and easy to deploy, but much of the focus is on targeted attacks.

Targeted attacks are most commonly spread through file downloads or emails with malicious links, direct remote server attacks, misconfigured public cloud instances, remote desktop protocols, via suppliers, and via removable media devices.

“Attackers are using a range of techniques and whichever defence has a weakness is how they get in. When one technique fails they move on to the next, until they find a weak spot,” the report notes.

The first step to mitigating these problems is to always assume that it is inevitable that every organisation will be hit by a ransomware attack.

The second step is to deploy the right security defences to ward off attacks. Keep backing up data, online and offline. The third is to protect data, no matter where it is stored.

Cybersecurity firms like Sophos have been quick to create solutions that mitigate malware and cyber threats, including ransomware.

Sophos Rapid Response is designed to stop threats against any organisation. Expert incident responders quickly move to identify and neutralise threats - whether those threats are infections, compromises, or unauthorised access.

Every second counts. Cyber attackers can progress through their ‘kill chains' very quickly, so it's important to get out of the danger zone fast.

Sophos Rapid Response offers rapid identification and neutralisation of threats, plus:

  • Immediate help - quickly triage, contain and neutralise active threats
  • Threat removal 
  • 24/7 monitoring - incident response and always-on monitoring for 45 days
  • VIP treatment - a dedicated point of contact and response lead
  • Post-incident analysis - threat summaries that detail investigation and all actions taken
  • Predictable pricing - upfront, fixed costs with no hidden fees

Learn more about Sophos and its Rapid Response solution here.