The FBI’s Perspective on Ransomware


Ransomware: Modern Threats, How to Prevent Them, and How the FBI Can Help

In April 2021, Dutch supermarkets faced food shortages. It wasn’t the drought, nor the surge in demand for avocados. Rather, the reason was a ransomware attack. Over the past few years, ransomware attackers have targeted businesses, universities, schools, medical facilities, and other organizations, making ransomware the most serious security crisis on the Internet.

Ransomware landscape

Although ransomware has been around for over 30 years, it has become a revenue generator for cyber attackers and gangs in the last decade. Since 2015, ransomware gangs have targeted organizations, not individuals. As a result, the ransom amount increased significantly and reached millions of dollars.

Ransomware is effective because it puts pressure on victims in two complementary ways. The first is the threat to destroy the victim's data. The second is the threat to make the attack public. The second threat has an indirect effect, but is just as serious (if not more so): publication can cause regulatory and compliance issues, as well as long-term damage to the brand.

Here’s an example of a real ransomware note:

[Image: example ransomware note]

Ransomware as a Service (RaaS) has become the most prevalent type of ransomware. In RaaS attacks, the ransomware infrastructure is developed by cybercriminals and then licensed for use by other attackers. Customer attackers either pay for use of the software or split the loot with the creator. Etay Maor, Senior Director of Security Strategy at Cato Networks, adds: “There are other forms of RaaS. After receiving ransomware payments, some ransomware groups sell all the data about the victim’s network to other gangs. This is much easier and can be fully automated, as it does not require weeks of discovery and network analysis by the attacker.”

Major players that turned the ransomware landscape into what it is today include CryptoLocker, which infected over 250,000 systems in the 2000s and generated over $3 million in profits in less than four months; CryptoWall, which generated over $18 million and prompted FBI recommendations; and finally Petya, NotPetya, and WannaCry, which used various types of exploits.

How the FBI Helps Fight Ransomware

Organizations under attack inevitably experience frustration and confusion. One of the recommended first courses of action is to contact an incident response team. Our IR team can assist with investigations, recovery, and negotiations. The FBI can help as well.

One of the FBI’s missions is to raise awareness about ransomware. Thanks to its extensive local and global networks, the FBI has access to valuable information. This information helps victims negotiate and respond. For example, the FBI could potentially provide profile information about an attacker based on a Bitcoin wallet.

To help ransomware victims and prevent ransomware, the FBI has established 56 cyber task forces across field offices. These task forces work closely with the IRS, Department of Education, Office of the Inspector General, Federal Protection Agency, and State Police. They also maintain close contact with the Secret Service and have access to regional forensic laboratories. For national security cybercrime, the FBI has a designated squad.

Alongside the Cyber Task Forces, the FBI operates CyWatch 24/7. CyWatch is a monitoring center for coordinating field offices, the private sector, and other federal and intelligence agencies. There is also the Internet Crime Complaint Center (ic3.gov) for registering complaints and identifying trends.

Stopping ransomware attacks in time

Many ransomware attacks never need to reach the point where the FBI is required. Rather, they can be avoided in advance. Ransomware is not a one-time attack. Instead, an array of tactics and techniques all contribute to its execution. By proactively identifying the network and security vulnerabilities that enable these attacks, organizations can block or limit the ability of attackers to execute ransomware. Etay Maor adds: “It must be countered with a holistic approach, with multiple integrated security systems all sharing context in real time, as in a SASE architecture, which provides a defender like no other.”

For example, here are all the steps of a REvil attack against a well-known manufacturer mapped to the MITRE ATT&CK framework. As you can see, many phases preceded the actual ransom and were critical to its “success”. Mitigating these risks could have prevented the attack.

[Image: REvil attack steps mapped to MITRE ATT&CK]

Here is a similar mapping for the Sodinokibi attack.

[Image: Sodinokibi attack mapped to MITRE ATT&CK]

Mapping Maze attacks to the MITRE ATT&CK framework:

[Image: Maze attack mapped to MITRE ATT&CK]

Another way to map ransomware attacks is with heat maps. A heat map shows how often different tactics and techniques are used. Here’s the heat map for the Maze attack:

[Image: Maze attack ATT&CK heat map]

One way to use these mappings is for network analysis and system testing. By testing the resilience of systems against these tactics and techniques and implementing controls that can mitigate risk, organizations reduce the risk of ransomware attacks by specific actors against critical resources.
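The mapping-driven testing described above can be turned into a simple gap analysis: build the technique heat map across several campaigns, then list the techniques that none of the existing controls address, most frequent first. This is an added example, not code from the original article or from Cato Networks; the campaign mappings and the control-to-technique assignments are constructed sample data (the technique IDs are real ATT&CK identifiers, but their attribution to these campaigns is illustrative only).

```python
from collections import Counter, defaultdict

# Constructed sample data: each campaign is a list of (tactic, technique_id)
# pairs in the style of a MITRE ATT&CK mapping. Not the article's own mappings.
CAMPAIGNS = {
    "campaign_a": [("initial-access", "T1566"), ("execution", "T1059.001"),
                   ("lateral-movement", "T1021.001"), ("impact", "T1490"),
                   ("impact", "T1486")],
    "campaign_b": [("initial-access", "T1078"), ("execution", "T1059.001"),
                   ("exfiltration", "T1048"), ("impact", "T1486")],
    "campaign_c": [("initial-access", "T1566"), ("lateral-movement", "T1021.001"),
                   ("impact", "T1489"), ("impact", "T1486")],
}

# Constructed: the techniques each existing control is believed to address.
CONTROLS = {
    "email filtering + user awareness training": {"T1566"},
    "PowerShell logging + constrained language mode": {"T1059.001"},
    "backup and shadow-copy protection": {"T1490"},
}


def heat_map(campaigns):
    """Count, per tactic, how many campaigns use each technique."""
    counts = defaultdict(Counter)
    for steps in campaigns.values():
        # a technique counts once per campaign even if it appears in several steps
        for tactic, tech in set(steps):
            counts[tactic][tech] += 1
    return {tactic: dict(c) for tactic, c in counts.items()}


def coverage_gaps(campaigns, controls):
    """Techniques seen in the campaigns that no control covers, most frequent first."""
    covered = set().union(*controls.values()) if controls else set()
    freq = Counter()
    for tactic_counts in heat_map(campaigns).values():
        freq.update(tactic_counts)
    gaps = [(tech, n) for tech, n in freq.items() if tech not in covered]
    # sort by descending frequency, then by technique id for a stable order
    return sorted(gaps, key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    for tactic, techniques in heat_map(CAMPAIGNS).items():
        print(f"{tactic:17} {techniques}")
    print("uncovered techniques (count):", coverage_gaps(CAMPAIGNS, CONTROLS))
```

The top of the gap list is where resilience testing and new controls pay off first; in this sample, encryption for impact (T1486) and RDP-based lateral movement (T1021.001) are the uncovered techniques every campaign relied on.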

How to Avoid Attacks – From the Horse’s Mouth

But don’t take our word for it. Some ransomware attackers are “kind” enough to provide organizations with best practices to protect themselves from future ransomware attacks. Here are some recommendations:

  • Turn off local passwords
  • Use secure passwords
  • Kill admin sessions
  • Configure Group Policy
  • Check privileged user access
  • Make sure only necessary applications are running
  • Limit reliance on antivirus
  • Install EDRs
  • Have system administrators available 24/7
  • Protect vulnerable ports
  • Monitor for misconfigured firewalls
  • And more

Cato Networks’ Etay Maor emphasizes that security must cover everything: a SASE, cloud-native architecture, with the ability for solutions to share context, see all network flows, and get a complete picture of the attack lifecycle, can level the playing field against cyberattacks.


Ransomware protection: an ongoing activity

Much like brushing your teeth or exercising, security hygiene is an ongoing, systematic practice. Ransomware attackers are known to revisit the crime scene and demand a second ransom if the problem is not resolved. Employing security controls that can effectively mitigate security threats and implementing a good incident response plan can minimize risk and minimize an attacker’s payday. The FBI is here to provide assistance and provide helpful information. Let’s hope no help is needed.

For more information on ransomware attacks and how to prevent them, watch Cato Networks’ Cyber Security Masterclass Series.
