Ransomware attacks, which have already been the bane of many businesses prior to the coronavirus outbreak, continue to run rampant. Hackers continue to infiltrate company networks with malicious software that locks businesses out of their files until a ransom is paid. Many hackers now use spam messages that promise to contain information about the pandemic to trick users into downloading ransomware.
Hackers do not discriminate among targets, even attacking critical organizations such as healthcare institutions. For instance, 10xGenomics Inc. was targeted by a ransomware attack earlier this year while the biotech firm was actively helping researchers learn about the coronavirus.
With such incidents becoming common, it’s critical that organizations adopt capable solutions that can protect them from ransomware attacks. Hackers exploit a variety of potential ways to try and sneak malware into networks. They are also tweaking ransomware code to feature more sophisticated behavior such as evading conventional security solutions.
Fortunately, security solutions are keeping pace with these developments. Breach and attack simulation (BAS) platforms are now available to help organizations perform cyber risk assessments and test their security routinely and comprehensively. Network security providers also offer cloud-based web application firewalls (WAFs) to help prevent traffic from malicious sources from reaching key network components or prevent internal data from leaking out. Various antimalware solutions are also using newer approaches such as content disarm and reconstruction (CDR) that are capable of dealing with novel and emerging threats.
These come as a boon for organizations that need to bolster their defenses as the crisis continues.
The Problem with Ransomware Attacks
Disabling ransomware has now become even more challenging. Ransomware can be cleverly disguised. Hackers can hide malicious code into legitimate files. They also can deploy more sophisticated ransomware that has polymorphic capabilities. These allow them to change their signature and bypass conventional antimalware and antivirus solutions.
In addition, other ransomware variants are now capable of detecting sandboxes and virtualized environments. By delaying payload deployment in such conditions, the ransomware has a higher chance of being flagged as a legitimate file and making its way into the rest of the company’s network.
To increase pressure on organizations to pay a ransom, some ransomware variants can exfiltrate data so that hackers can threaten companies to leak them on the internet. This also allows threat actor groups to further increase their payment demands. For example, electric utility company Energias de Portugal recently suffered an attack in which attackers demanded 1,580 Bitcoin (approximately $11 million) as ransom.
Business disruptions caused by a ransomware attack at a time like this can have catastrophic results. Businesses are already hard-pressed due to challenges in ensuring business continuity during a pandemic. Most simply have no choice but to pay the ransom. Ransomware payouts in the first quarter of 2020 are up by 33 percent compared to the fourth quarter of 2019.
Preventing Ransomware Attacks
In response to this pressing concern, companies must quickly revisit their security measures and assess whether or not they have ample ransomware protection. Not only should their tools mitigate known threats, but they should also be able to protect against new variants.
To test the existing security measures, organizations can use BAS. Security testing is typically done using penetration tests. These require high-level security expertise and are expensive to perform routinely. Considering how hackers constantly evolve their techniques, organizations may be left exposed in the time the tests are performed and the time security corrections are made. BAS simplifies and automates the testing process by checking various attack vectors and the effectiveness of security measures that protect them. By running BAS tests, organizations would be able to readily see which measures need strengthening.
Deploying WAFs can also help prevent the entry of ransomware. Many attackers look to breach systems through web applications in order to deploy their payloads. WAFs can readily identify if network traffic is originating from a malicious source and automatically blocks requests from dubious sources.
Among the newer approaches to fighting ransomware is CDR. Through CDR, files are deconstructed and screened for any trace of malicious code. Unlike conventional antiviruses, CDR doesn’t require virus signature databases to identify ransomware. Files are scanned at the binary level to identify dangerous commands. This allows solutions to detect and disarm previously unknown malware.
Setting Up Stronger Defenses
Hackers are taking advantage of the coronavirus crisis by launching various cyberattacks and scams against businesses and users. Ransomware, in particular, is actively being used by cybercriminals to attack businesses.
As such, companies must ensure that their security measures can still capably prevent and disarm such threats. They must look beyond conventional security tools and explore new ways of bolstering their defenses. Considering the current economic situation, businesses can’t afford to have additional problems to deal with.
It would be prudent for them to review their strategies and adopt the best security solutions available to protect their networks from the rising number of ransomware attacks. With stronger defenses in place, companies can focus on other crucial matters such as keeping their businesses going strong despite the constraints brought about by the pandemic.
