The state of ransomware
Ransomware isn’t dead. It’s not on life support, and it’s not even feeling under the weather. In 2017, widespread ransomware attacks were novel, and made for flashy news stories. But remember that even though major news outlets don’t talk much about adware, financial trojans, or keylogging spyware, cybercriminals still use these tools.
Ransomware, in particular, remains popular; however, cybercriminals have advanced their attacks and grown smarter about how they deliver them. For starters, attackers have increasingly focused on industries and sectors they think will be vulnerable. For example, criminals have increasingly targeted city governments, like Washington, Pennsylvania, whose phone and computer systems were out of commission for several days after a ransomware attack. Another change involves advancement in cyberattack delivery. With so much information on people freely available on the web, hackers can craft very convincing phishing and social engineering attacks that trick even IT professionals.
Finally, remember that many cybercriminals and cybercrime groups think of their work as a business—they may attempt to “cross-sell” their victims by unlocking the machine, but leaving other things on it, like a cryptominer, financial trojan, or keylogger. Scrubbing the machine of ransomware may not be the end of the attack.
Fighting back against this deadly threat
As with any other attack, you’ll need multiple layers of security to help. To reduce the risk, make sure to implement:
- Email protection: Like many other attacks, ransomware often gets delivered via email. Whether it comes in the form of a direct ransomware download or via a malicious document launching a script, email plays a major role in launching most ransomware attacks. A good email security solution can help shut down these attacks.
- Web protection: Email isn’t the only delivery mechanism. Someone can easily stumble across a malicious website and accidentally download ransomware. A web protection solution can help keep your customers off known malicious sites.
- Backup: Some ransomware strains delete local backups to prevent people from restoring their systems. A good cloud-first backup solution, like SolarWinds® Backup, can help you fight back by storing multiple copies of your data in the cloud and using multiple techniques to speed up recovery. SolarWinds Backup also offers the ability to store a local copy of your customers’ data on any hardware you choose (it’s optional, and doesn’t require you to purchase an expensive backup appliance).
- Endpoint protection: Expect cybercriminals to continue developing newer, sneakier forms of ransomware. To deal with these types of emerging threats, you’ll need more than just antivirus—you’ll want a solid endpoint protection product that uses AI and machine learning to spot fishy behavior. For example, at the delivery phase, criminals may attempt to use built-in system tools like Remote Desktop Protocol (RDP) to land the ransomware on the system. A good endpoint protection system can spot suspicious activity, like an odd pattern on RDP, and flag it to you sooner.
Ransomware: alive and kicking—hard
Ultimately, ransomware is still a major threat. If criminals can make money or cause destruction, they will keep it in their toolset, and ransomware still generates revenue for attackers. Plus, criminals can modify attacks to circumvent current defenses, making them harder to defend against. Don’t expect ransomware to go away any time soon—and make sure you’re prepared with the right security controls.
We mentioned the importance of endpoint protection earlier. To fight back against ransomware, give SolarWinds Endpoint Detection and Response (EDR), powered by SentinelOne®, a try. Not only does it include AI and machine learning to prevent threats and detect odd, potentially malicious behavior on endpoints, it can also automatically roll back endpoints to a known safe state after an attack. Learn more today by visiting solarwindsmsp.com/products/remote-management/endpoint-detection-and-response.
Tim Brown is VP of Security for SolarWinds MSP. He has over 20 years of experience developing and implementing security technology, including identity and access management, vulnerability assessment, security compliance, threat research, vulnerability management, encryption, managed security services, and cloud security. Tim’s experience has made him an in-demand expert on cybersecurity, and has taken him from meeting with members of Congress and the Senate to the Situation Room in the White House. Additionally, Tim has been central in driving advancements in identity frameworks, has worked with the US government on security initiatives, and holds 18 patents on security-related topics.