Industry Insights with Corey Nachreiner


Tips for Surviving Big Game Ransomware Attacks

How Sophistication and Professionalism of Underground Ransomware Has impacted the “Big Game”
Ransomware is popular with cybercriminals because it is effective and profitable, so much so that a new brand of “big game” ransomware attack has emerged. Based on data from WatchGuard endpoints, our threat lab expects 2021 ransomware volumes to increase to at least 150% of 2020’s total. To make matters worse, alongside that growth in volume we have also witnessed increasing sophistication and professionalization in ransomware.

This more sophisticated “big game” ransomware is linked to the increase in targeted attacks on large companies and organizations that have critical uptime requirements – in sectors such as healthcare, government, manufacturing, education, and managed service providers (MSPs). What's more, cybercriminals are carrying out new forms of blackmail. They now also exfiltrate data and extort victims by threatening to publish it on dark web forums, something they call “double extortion.” Some groups even practice “triple extortion” by exfiltrating a victim’s customer data and going after those customers directly.

Why has the cybercriminal underground put so much effort toward the professionalization of ransomware? Simply put, they are making tons of money from it. 

Add to that the increase in underground professionalization of ransomware-as-a-service (RaaS). RaaS is the sale of ransomware developed by professionals, where even non-technical criminals without the background to write ransomware can get it and use it against the target of their choice. This combined increase in the sophistication and professionalism of underground ransomware has led to a significant increase in the impact of “big game” ransomware attacks.

A clear example occurred on May 7, when Colonial Pipeline was hit by the biggest cyberattack on oil infrastructure ever to take place in the United States. Leveraging a single stolen credential, the attackers infiltrated the company’s systems and deployed ransomware, reportedly stealing and locking 100GB of data and causing fuel shortages. At that point, President Biden declared a state of emergency in the area to prevent further damage.

So, how can you survive big game ransomware attacks? The only real way to stop this threat – in my opinion – is to stop paying ransoms, because the money is what funds the professionalization described above. But it’s also important to understand how you can prevent it. As always, you need a business continuity and disaster recovery (BC/DR) plan already written and in place that ensures you can restore critical business systems quickly in the event of any cyber disaster.

Unfortunately, there’s no single defense that will protect a company from ransomware completely. Having multiple layers of defense is the best bet to stop cyber threats in general, including ransomware. Some necessary ransomware security controls include endpoint detection and response (EDR), multi-factor authentication (because hackers don’t break in, they log in, à la the Colonial Pipeline attack), and advanced anti-malware prevention. If you include these layers in your defenses, along with a tested BC/DR plan, ransomware should rarely be successful, and even in the worst case you’ll be able to recover quickly without paying.

About the Author

Corey Nachreiner

Corey Nachreiner

CTO, WatchGuard

Recognized as a thought leader in IT security, Nachreiner spearheads WatchGuard's technology vision and direction. Previously, he was the director of strategy and research at WatchGuard. Nachreiner has operated at the frontline of cyber security for 16 years, and for nearly a decade has been evaluating and making accurate predictions about information security trends. As an authority on network security and internationally quoted commentator, Nachreiner's expertise and ability to dissect complex security topics make him a sought-after speaker at forums such as Gartner, Infosec and RSA. He is also a regular contributor to leading publications including CNET, Dark Reading, eWeek, Help Net Security, Information Week and Infosecurity, and delivers WatchGuard's "Daily Security Byte" video on Facebook.
