Ransomware has taken the world by surprise in the first half of this year, cementing itself as a major global threat.
Attacks like WannaCry and Petya, which we classify as ransomworms rather than ransomware because of their ability to spread rapidly, had catastrophic repercussions all over the globe and did not discriminate by industry.
WannaCry was the first to demonstrate that far too many organisations did not have effective security protocols in place, and did not take note of the importance of cybersecurity until after the fact. This strain of ransomworm took advantage of a vulnerability that Microsoft had patched two months earlier, yet many organisations had not updated their machines.
Adding insult to injury, when Petya was launched just weeks later, using the exact same exploit as WannaCry, organisations still found themselves affected, despite the global attention WannaCry had received.
Cybercriminals are always searching for new targets and an easy entry point, and this Microsoft exploit gave them the perfect opportunity to target these organisations and spread their malware. Making matters worse, both attacks could easily have been mitigated if the affected organisations had simply followed two relatively simple security processes: patching and updating.
Ransomware as a service is now a thing
Ransomware attacks will only become more prolific as Ransomware as a Service (RaaS) gains traction on the dark web: ordinary people can now buy malware and distribute it as they see fit. Adding to the problem, ransomware is becoming more and more sophisticated. Cybercriminals are constantly updating and releasing new iterations of their code with the goal of outsmarting the latest security features. As such, it has never been more important for security teams to reiterate the importance of basic security practices to the wider organisation. Taking a proactive approach to security, anticipating the tactics attackers might use, will minimise the impact of any breach. So, where do you start?
Easily the best place to begin is to stress the importance of effective cyber hygiene. This means keeping operating systems up to date and regularly applying security patches, so that any weak point in your ecosystem is covered before it can be targeted. Without these basic processes in place, any additional security effort will be hampered: additional layers of security need a valid and up-to-date IT infrastructure to work with if they are to mitigate threats. Basic cyber hygiene is a must, but further preparation is key, and new advanced threat protection measures can really help you stay ahead of cybercriminals.
Leaving the next ransomware attack in the sandbox
One method to combat the next big threat is sandboxing. This involves isolating code in a virtual environment where it can be executed and tested before it enters your main network ecosystem. If any malicious software is detected, it is segregated so that it can do no harm.
Unfortunately, cybercriminals are working harder than ever and have created code that is able to detect a sandbox and disguise itself until it has been cleared onto the network. As such, security tooling must now detect this kind of code too. This is where advanced threat protection (ATP) comes into its element. ATP is able to prepare for the next generation of ransomware attack by proactively detecting signatures and behaviours that suggest malicious intent. Signature detection monitors for an exact match against known malicious code.
However, with thousands of variations of the same code able to sneak past exact-match systems, newer pattern recognition systems are required to form a stronger defence. For example, pattern recognition technology can distinguish over 50,000 code variations within a single malware family and stop them from infecting a network. With this level of coverage, malicious code is truly up against it when trying to sneak into the organisation's network. Yet it isn't as simple as it seems: recognising code is one thing, but analysing and detecting code that is checking whether it is running in a sandbox is more difficult. By spotting malicious code of this nature, it's possible to render evasion technology irrelevant.
A global threat network provides further advantages: by identifying threats early and sharing that knowledge, the spread of malicious software can be halted far more quickly. Sandboxes are a powerful tool, but they require resources and the process can be time consuming. This is why they should always be partnered with other security tools, such as firewalls and endpoint security, to establish a fully integrated security solution.
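To make the three ideas above concrete (an exact signature, a family pattern that survives variation, and detection of the sandbox check itself), here is an added Python example that is not part of the original article. The "samples", their byte layout, the hostnames and the sandbox trace are all constructed for illustration; the regex stands in for what the article calls pattern recognition, and the two evasion heuristics are deliberately simple stand-ins for behavioural detection.

```python
import hashlib
import re
# Constructed samples (not real malware): one "family" shares a fixed stub
# (a common x86 prologue) and each variant changes only the XOR key byte and
# the embedded C2 host, which is enough to defeat an exact hash signature.
FAMILY_STUB = b"\x55\x8b\xec\x83\xec\x40"

def make_variant(host: bytes, key: int) -> bytes:
    """Build one constructed variant: stub, key byte, padding, host string."""
    return FAMILY_STUB + bytes([0xB0, key]) + b"\x90\x90http://" + host + b"\x00"

VARIANTS = [
    make_variant(b"update-srv.example", 0x3A),
    make_variant(b"cdn-mirror.example", 0x7F),
    make_variant(b"static-assets.example", 0x11),
]

# Signature detection: the SHA-256 of the single variant already seen.
KNOWN_SHA256 = {hashlib.sha256(VARIANTS[0]).hexdigest()}

# Pattern recognition, reduced to a regex: fixed stub, a wildcard key byte,
# then the host layout. Any member of the family matches, new hosts included.
FAMILY_PATTERN = re.compile(
    rb"\x55\x8b\xec\x83\xec\x40\xb0.\x90\x90http://[a-z0-9.\-]+\x00", re.DOTALL
)
def exact_signature_match(sample: bytes) -> bool:
    return hashlib.sha256(sample).hexdigest() in KNOWN_SHA256

def family_pattern_match(sample: bytes) -> bool:
    return FAMILY_PATTERN.search(sample) is not None

# Constructed sandbox behaviour trace as (api_name, argument) pairs. Probing
# for VM artifacts or stalling for minutes before acting is itself a signal,
# whatever the payload looks like, so the evasion attempt becomes the detection.
VM_ARTIFACTS = ("virtualbox", "vbox", "vmware", "qemu")

def flags_sandbox_evasion(trace, stall_ms: int = 300_000) -> bool:
    probed_vm = any(api.startswith("Reg") and any(a in str(arg).lower() for a in VM_ARTIFACTS)
                    for api, arg in trace)
    stalled = any(api == "Sleep" and int(arg) >= stall_ms for api, arg in trace)
    return probed_vm or stalled

SAMPLE_TRACE = [
    ("RegOpenKeyExW", r"HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions"),
    ("Sleep", 600_000),
    ("InternetOpenUrlW", "http://update-srv.example/"),
]

if __name__ == "__main__":
    print([(exact_signature_match(v), family_pattern_match(v)) for v in VARIANTS], flags_sandbox_evasion(SAMPLE_TRACE))
```

Only the first variant is caught by the hash, all three by the family pattern, and the trace is flagged before the payload ever has to be recognised.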