Ransomware has set multiple state and local governments back on their heels this year. With attacks like the RobinHood ransomware attack in May that the city is still recovering from, ransomware attacks have been an almost daily part of the news.
According to data from X-Force IRIS, the ransomware problem is part of a much larger overall increase in destructive malware attacks that has been spiking over the past six months.
“Of those destructive malware cases, 50% targeted organizations in the manufacturing industry,” the researchers noted. “Other sectors significantly affected included oil and gas and education. Most of the destructive attacks we have observed hit organizations in Europe, the United States, and the Middle East.”
IRIS has witnessed ransomware attacks—criminal attacks where a ransom is demanded in exchange for a key—specifically increase by 116%. “While not all ransomware attacks incorporate destructive malware,” the IRIS team wrote, “the simultaneous increase in overall ransomware attacks and ransomware with destructive elements underscores the enhanced threat to corporations from ransomware capable of permanently wiping data.”
While some non-targeted ransomware attacks have exploited vulnerabilities in servers to gain access to their victims’ networks, the majority of targeted ransomware and destructive attacks begin either with a spear-phishing email, “credential stuffing” (guessing or outright brute-force attacks with passwords), “watering-hole” attacks (using a site related to a job or industry to spread malware, sometimes through malvertising or compromise of the website), or through some other compromise of a third-party system (such as a cloud service or software-as-a-service provider).
Preventing ransomware and destructive attacks outright would be the ideal solution, but it may not be realistically possible for many organizations—especially as more attacks come in from third-party networks. So instead, isolating the parts of network infrastructure that are affected is essential to limit the damage, the IRIS report noted.
“Even in cases where an attack materializes, if the affected parts of the infrastructure are isolated, an organization can significantly limit the damage and prevent some of the impact to its operations,” the team wrote. “Reducing the number of devices affected by a destructive attack can also drastically reduce the cost and time associated with reconstitution.” Isolating critical parts of network infrastructure from third-party networks is an important part of that—using multiple layers of security control and network defenses.
IRIS’ other advice to organizations includes running tests of response plans “under pressure” and using threat intelligence resources to get a better idea of the potential risks they face. But all of these seem like a lot to ask for some of the types of organizations that have been falling to ransomware. Nowadays, ransomware-targeted organizations are ones that fall below the information security poverty line in terms of administrative and security resources, have shallow IT expertise internally, and can’t even manage to train users on potential threats from phishing attacks.
This is why partnering with a seasoned Cyber Security expert like ATYXIT can put your business ahead of the curve in defensive measures.