TitanHQ

TitanHQ Blog

Reports of Ransomware Demise Have Been Grossly Exaggerated

Posted by Geraldine Hunt on Tue, Oct 13th, 2020

Ransomware cyberattacks are still a big security threat, with damages from these attacks predicted to hit around $20 billion by 2021. Although some rogue reports have indicated that ransomware is no longer the threat it used to be, this is not the case. Just this week Seyfarth Shaw, a global legal firm with Australian offices, said it is the victim of an “aggressive malware” attack, believed to be ransomware. The firm said in a statement that it was attacked on October 10 US time.

Some other very recent ransomware attacks include:

  • Workforce design and delivery firm Tandem Corp became a victim of NetWalker ransomware. Screenshots of data allegedly stolen during the attack were published on the Dark Web. The screenshots included files which appeared to contain financial data, personnel information and passport details.
  • Staff at Key West City Hall were hit with a ransomware attack that took their systems offline.
  • Argentina’s official immigration agency, Dirección Nacional de Migraciones, suffered a NetWalker ransomware attack that temporarily halted border crossing into and out of the country. The attackers initially demanded $2 million but this was doubled after a 7-day period.
  • A ransomware attack at Hartford Public Schools in Connecticut took down critical systems over Labor Day weekend.
  • Data center giant Equinix was also hit with a ransomware attack. Its data centers and managed services remained intact as only internal systems were affected.

Ransomware Attacks on the Rise

These attacks are just a sample of the latest ransomware attacks, and reports show that the popularity of these types of attack continues to grow. Some underground sites offer ways for users unfamiliar with ransomware coding to “rent” attack tools. This Malware-as-a-Service (MaaS) increases the number of potential attackers as even people with no coding and malware skills can launch an attack.

Exaggerated reports claiming that ransomware is no longer a serious threat endanger organizations that do not know how to contain and avoid this malware. Ransomware is one of the most destructive types of attacks, so organizations should have the right tools and security configurations in place that specifically defend against ransomware.

ZDNet recently reported a huge increase in the number of ransomware attacks over the course of 2020, with a seven-fold rise in campaigns compared with last year, according to newly released data from cybersecurity researchers.

When false reports minimize the extensive ransomware attacks seen in the wild, uninformed businesses could lower their guard and reduce the detection of ransomware. Ransomware is one of the worst malware threats seen in the wild, costing organizations millions in data loss and disaster recovery efforts.

Defending Against Ransomware

The threat of ransomware increases the risk for any organization that allows users to receive email or access the Internet. Ransomware attackers sometimes add social engineering to the game where they convince employees to download malicious scripts or trick them into divulging their user credentials. With social engineering attacks, user training plays a huge role in cybersecurity defense, but for employees that cannot identify a social engineering attack, organizations can rely on additional anti-malware tools.

There are a few ways organizations can stop attacks. Attackers install ransomware mainly using phishing emails and messages that contain malicious attachments. For instance, an attachment might contain a macro that downloads additional content to the user’s local machine. This additional content could be ransomware executables along with other malware that gives an attacker remote access to the local device.

The first line of defense is email protection. Email messages created by attackers sometimes have a recognizable spoofed email sender address, and some phishing attacks use graphics and wording that make the message look like it is from an official source. Recipients who are not trained to look for phishing messages (or who forget to check accuracy) click links in a phishing email that take them to an attacker-controlled server. DMARC (Domain-based Message Authentication, Reporting and Conformance) is a security framework that detects and stops these attacks.

DMARC is a set of cybersecurity configurations that uses a combination of digital signatures (DKIM) and DNS verification using Sender Policy Framework (SPF). DomainKeys Identified Mail (DKIM) uses public-private key cryptography to add a signature to the header of an email. The owner of a domain publishes the verification key as a DNS entry, and the recipient email server looks up this entry to verify the signature. With SPF, the domain owner lists the IP addresses allowed to send email for the domain in a DNS entry, and the recipient email server performs a lookup for this entry. Only valid IPs can then send an email on behalf of the sender’s domain. SPF eliminates an attacker’s ability to send spoofed email messages.

DMARC works in conjunction with email filters and DNS-based content filters so that users are unable to access attacker-controlled websites. With DMARC, the messages should not be able to reach the user’s inbox. Messages blocked by DMARC rules are quarantined, where the email administrator can review them for any false positives. Should a message return a false negative, the malicious content would reach the user’s inbox. DNS-based content filtering would then trigger and block the user from accessing the website where an attacker phishes for user credentials.

Without the right cybersecurity tools in place, organizations are vulnerable to ransomware. This malware could cost an enterprise millions in disaster recovery and ransom fees if they’re paid. Encrypted data cannot be decrypted without the private key, so there is no “fix” for a ransomware attack. The only way to avoid them is to have the right email security using DMARC and content filtering.

One wrong click and you could be faced with some difficult decisions and large bills. Instead, prevent these emails from ever reaching your users' inboxes. SpamTitan checks every URL in an email against known blacklists - with 100% active web coverage. Protect your users from email links to malicious sites with SpamTitan. SpamTitan's sandboxing feature protects against breaches and sophisticated email attacks by providing a powerful environment to run in-depth, sophisticated analysis of unknown or suspicious programs and files.

To find out more about some of the key protections you can put in place to improve your resilience against ransomware attacks, contact the TitanHQ team today.
