Ashok, CEO of UnfoldLabs, is an innovation veteran who believes in making the world a better place with futuristic technology products.
Cybersecurity teams around the world have worked feverishly to mitigate the effects of what CBS News called the single largest worldwide ransomware assault on record, which has impacted hundreds of firms. Large grocery chains around the world have had their cash registers shut down as a result of the attack. Hundreds of stores have had to be closed due to the ongoing threat.
The infection was spread primarily through companies that remotely manage IT infrastructure for multiple customers. This breach appears to have leveraged many service providers to distribute its impact indiscriminately throughout a vast network of smaller organizations rather than a planned, focused attack on a single large company. In Q2 2021, 740 victims were named out of nearly 2,600 victims mentioned on ransomware data leak sites, a 47% increase over Q1 2021.
CBS News noted that “thousands of victims in at least 17 countries” were infected by an affiliate of the notorious REvil gang, best known for extorting $11 million from an American meat processor. Also, this is the second consecutive quarter that the notorious Conti gang has been very active in terms of cyberattacks. Conti is related to the Ryuk ransomware, which ruthlessly targets organizations in critical sectors, as in the devastating attack on Ireland’s health care system.
Attacks As A Commodity
On the surface, it’s tempting to assume that ransomware based on botnets and loaders purchased on the dark web is less sophisticated than assaults created from scratch. Many cyber thieves, on the other hand, are using these technologies to look for flaws in a system or network. Threat actors can launch larger and more devastating strikes by scouting ahead of time. These strikes frequently begin as low-level or sleep attacks and progress to large-scale damage.
To launch double-extortion ransom attacks, threat actors are turning to community ransomware such as the recently discovered Egregor family. This type of attack not only asks the corporation for money in exchange for releasing the data, but it also goes after the people whose information was taken. The data is frequently damaging to a person’s or business’s reputation to the point where they may be ready to pay for its release.
How To Stop Ransomware Like This
To avoid these types of attacks, I would advise focusing on the basics. Use basic methods like safeguarding endpoints, employing multifactor authentication and ensuring that staff regularly update operating systems on all devices. It’s also important to back up systems and store backups somewhere other than the primary network.
• Update antivirus databases regularly. Before launching an assault, ransomware developers frequently test their code to ensure that antivirus software won’t detect a new version of ransomware. As a result, it’s in your best interest to have the most recent virus database available in your antivirus to detect the most recent viruses.
Antivirus software should also be installed on your virtual machines. There are antivirus solutions that do not require the use of an agent.
• Configure anti-spam and anti-malware filters correctly on email servers. This can help avoid or greatly minimize the likelihood of users receiving email messages containing hazardous links or malicious file attachments. Use Exchange Online Protection, Advanced Threat Protection and Threat Intelligence for Microsoft 365 to learn more on how to protect users who work with email.
• Configure routers. Ransomware attacks are launched on routers that are not configured correctly. To determine which ports are open, attackers typically scan the standard ports of commonly used services. To protect against ransomware intrusion, it’s critical to configure firewalls on routers. Please don’t forget to disable access to unused ports and replace standard port numbers with unique (unused) port numbers.
• Set up URL filtering and ad blocking as needed. Malware can be spread through advertising. Malvertising is the jargon for deceptive advertising. URL filters on routers offering internet access for users in your organization should block websites with a negative reputation that are used to transmit malicious content. Modern software can constantly add new harmful sites to content filter configurations to keep the URL filtering system up to date.
• Train personnel. A single user’s device might be the entry point for a ransomware assault that affects the entire enterprise. Ransomware data show that human error is the leading cause of ransomware. It’s critical that your personnel are trained to spot and comprehend ransomware threats and infection methods.
• Raise staff awareness. Users will try to get around your protection if you don’t raise staff awareness about ransomware attacks and cybersecurity concerns in general and, instead, block everything. As a result, create a balance between a strict security policy with strong limitations and staff knowledge.
• Make sure staff uses strong passwords. Keep in mind that if complicated passwords are changed too frequently, users are unlikely to remember them unless they write them down someplace, which increases the risk of a leak again.
Talks about cybersecurity must go beyond the fatalistic discourses that dominate most debates. Cyberattacks are on the rise in 2021 and will continue to rise because many new groups are springing up, according to Digital Shadows’ report. Like the athlete who dresses and prepares for the weather, organizations need to be proactive in continuously strengthening people, processes and data.
Organizations need to keep up on cybersecurity by following the trends/happenings in the industry — the frequency, the changing nature of the attacks and the severity of the attacks — and also keep track of three key metrics:
1. The time it takes to detect an attack.
2. The time it takes to respond to it.
3. The time it takes to resolve any damage.
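The three metrics above can be computed directly from incident timestamps. The following is an added example, not part of the original article; the record fields, the sample incidents, and the choice to measure resolution from the start of the response are assumptions made for illustration.

```python
from datetime import datetime
from statistics import mean

# Constructed incident records; field names are assumptions for this example.
# "started" is the earliest attacker activity established by the investigation.
INCIDENTS = [
    {"id": "IR-1", "started": "2021-07-02T14:00", "detected": "2021-07-02T20:00",
     "responded": "2021-07-02T21:00", "resolved": "2021-07-05T21:00"},
    {"id": "IR-2", "started": "2021-08-10T09:00", "detected": "2021-08-10T11:00",
     "responded": "2021-08-10T11:30", "resolved": "2021-08-11T11:30"},
    # Still open: response has begun but the damage is not yet resolved.
    {"id": "IR-3", "started": "2021-09-01T00:00", "detected": "2021-09-01T04:00",
     "responded": "2021-09-01T05:30", "resolved": None},
]

# Each metric is the gap between two lifecycle timestamps (assumed boundaries).
METRICS = {
    "time_to_detect": ("started", "detected"),
    "time_to_respond": ("detected", "responded"),
    "time_to_resolve": ("responded", "resolved"),
}


def hours_between(incident, start_key, end_key):
    """Elapsed hours, or None if either timestamp is missing."""
    start, end = incident.get(start_key), incident.get(end_key)
    if not start or not end:
        return None
    delta = datetime.fromisoformat(end) - datetime.fromisoformat(start)
    if delta.total_seconds() < 0:
        raise ValueError(f"{incident['id']}: {end_key} precedes {start_key}")
    return delta.total_seconds() / 3600


def mean_metrics(incidents):
    """Mean hours per metric, plus how many incidents contributed to it."""
    report = {}
    for name, (start_key, end_key) in METRICS.items():
        values = [h for i in incidents
                  if (h := hours_between(i, start_key, end_key)) is not None]
        report[name] = {"mean_hours": mean(values) if values else None,
                        "count": len(values)}
    return report


if __name__ == "__main__":
    for name, stats in mean_metrics(INCIDENTS).items():
        print(name, stats)
```

Open incidents are left out of any metric they cannot yet supply, and the per-metric count shows how many incidents each average rests on.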
Businesses and government institutions will need to implement fundamental procedures, as well as consider adopting cutting-edge ransomware defensive technology, to prevent becoming victims of the next widespread ransomware attack. Like everyone else, I’m hoping that the rest of 2021 is positive. You can lessen your chances of becoming a victim by being prepared. More importantly, even if you’re a victim, you can limit the effects.