Protect from Evolving Ransomware Threats with Vigilant
Article by ATI Partner Chris Nyhuis, CEO – Vigilant
In today’s world of cybersecurity incident response, we are seeing evolving threats that are no longer detectable by standard detection. You heard that right: effective, evolving threats that can move around artificial intelligence behavior analytics and SIEM. To make it worse, if the security services and solutions you are using are easy to purchase, threat actors can purchase them too and test against them in their labs prior to attacking, bringing them success on the first try.
One of these evolving tactics is in the realm of ransomware. Traditionally, ransomware was thrown to the wind by the attacker, hoping to hit a random company that the attacker could charge a lion’s share of bitcoin after encrypting all its data. This approach was successful for quite some time. However, the good guys realized that with the proper backup strategy a company can respond and recover the encrypted data fast, taking the wind out of the sails of the attack and the money out of the attackers’ pockets.
Ransomware went dormant for a while, which for us in the security community meant there was some regrouping and that there would be another trick up their sleeve. Silence means a wave is on the horizon.
Here’s what they are doing now and it’s ingenious.
- Attacker enters the company using everyday malware, not anything special.
- Next, they manually jump off that original computer before it’s cleaned by AV and pivot to a few other systems so they have redundancy in their control of the network.
- The attacker then manually identifies and takes over critical servers within the customer’s environment. Notice the manual actions here: manual attacks are not easy to detect, so most organizations’ security solutions will miss them.
- They take over the following:
  - Firewalls – Ability to Defend
  - Exchange – Ability to Communicate
  - File Servers – Customer’s Data
  - Active Directory – Ability to Control Access
  - Backup Servers – Ability to Recover
- Once they are on all of these, they do a surgical encryption of these systems. Not widespread, but surgical, and at that point the company’s entire data structure and recovery ability is gone.
Did you see that? The attacker took out a company’s ability to RECOVER by destroying their backups! You can see that the threats your customers face each day are not automated dumb attacks. Threat actors can make significant revenue with these attacks; they are smart, agile and evolve in minutes. Vigilant has been contacted by three companies in the last week, ranging from 10 million in revenue to 2.2 billion in size, completely encrypted and shut down. Two of them will go out of business and one will recover. The hard part for us is knowing that if we were there prior to the attack we could have stopped all three from happening.
Vigilant is a Security as a Service organization that specializes in:
- Intrusion Detection
- Intrusion Prevention
- Incident Response
- Targeted Vulnerability Management
Vigilant performs a 5-day, no-cost threat assessment for your customers to show them a much different and effective approach to security. Schedule one today.