Perseverance and Patience: Two Qualities You Shouldn’t Have in Your Ransomware Attacker

Modern organizations are driven by data. It enables collaboration and helps us interact with customers.

This same data is also scattered across countless applications, making it difficult to secure. Ransomware attacks are on the rise. 57% of security managers expect ransomware to compromise their organization within the next year, making data protection more important than ever.

Anticipate ransomware threats

To help you stay ahead of ever-evolving ransomware threats, it's worth discussing how remote work and cloud productivity have made ransomware attacks harder to detect, and how behavioral anomaly detection can help mitigate the risk of ransomware.

It seems that the way modern businesses operate, which involves a combination of technologies, has allowed ransomware to thrive. Having faced similar attacks in their previous roles, experts know how many CSOs feel. The human instinct is to pay the ransom. It's quite interesting to think about the evolution of ransomware. These attacks are very sophisticated, yet attackers still prefer proven methods: stealing credentials, spraying passwords, scanning the network, buying credentials on the dark web, and using ransomware kits. So in many ways, nothing has changed. They seek to penetrate your network by any means. What really distinguishes ransomware operators is not the initial entry point, but what happens next.

The main thing is perseverance and patience

A growing trend is that attackers are very knowledgeable about IT infrastructure. For example, many companies use Windows or Linux computers or have on-premises facilities. They may also use cloud services or platforms or other endpoints. Attackers understand this. Therefore, they can develop malware that follows these IT infrastructure patterns. And in fact, they keep evolving and adapting to our defenses. One of these evolutions is the theft of data, followed by the threat of its disclosure.

This is double extortion. The first part of the extortion has to do with encrypting your network and making you try to get the decryption key. The second part makes you pay another amount of money to try to get your data back or keep it private. You must assume that your data is gone. It is very likely that it has already been sold and is already on the dark web.

Do I have to pay a ransom?

It is a common misconception that if you pay a ransom, your services will be returned to you faster. The reality is quite different. It must be assumed that ransomware operators see this as a business. And, of course, the expectation is that if you pay the ransom, you will receive a decryption key. The reality is that only 65% of organizations actually recover their data. There is no magic wand. Even if you receive a decryption key, it is quite limited, and it definitely won't unlock everything. Often you still have to go through each file, which is incredibly time-consuming. Many of these files are at risk of corruption. It's also more likely that the important files you rely on are the ones you won't be able to decrypt.

Why is ransomware still affecting businesses so much?

Ransomware runs like a business. The more people pay, the more hackers will demand a ransom. As long as someone somewhere is going to pay, there is a payoff for the attacker. The difference now is how much time and patience an attacker has. The big operators especially will have the perseverance, drive, and desire to keep moving through the network. They are more likely to use scripts and various malware, and they look for privilege escalation so that they can exfiltrate data. They will stay in your network longer. But a common weakness is that the attacker relies on no one watching. Sometimes attackers stay in the network for months. So by the time the network is encrypted or the data is stolen, it will be too late for you. The actual incident began weeks, months, or however long ago.

The best point at which to detect an attack is the lateral movement stage, when the attacker is looking for exploits to pivot from or for more valuable assets to steal. This is one of the most fundamental problems to overcome. Experts know what to do to reduce the risk of phishing, although it will always be a problem because there is a human factor. But once attackers get that initial access, whether Remote Desktop Protocol (RDP) or server credentials or whatever else, they can start moving laterally.
