Ransomware is Getting an Upgrade… It Never Seems to Ware Out!
It’s been a while since I talked about the topic of Ransomware. Actually, it hasn’t. When I was thinking about doing this particular newsletter, I took a quick look back at my previous ones, and it’s been just over a month.
I’ve talked about Ransomware a lot over these newsletters (this is the 95th one I’ve written) and I’ve been careful to try and make sure that I provide new information every time. When you talk about a topic over and over, there’s a very real risk of becoming a broken record and simply re-stating the same things again and again.
At the turn of the 19th century, the Cavalry Charge was considered the pinnacle of military tactics. The basic approach was to soften-up the enemy troops with your infantry, then send in the Cavalry to finish the job, and run them down. Cavalry was fast, deadly and intimidating (ever been charged by someone on horseback?) This doctrine was taught in war colleges of the time, because it worked. That is, until World War I came along – All of a sudden, people found out that a couple of marginally-trained kids with machine guns could mow down men and horses by the thousands.
The failure to rapidly adapt to that cost millions of lives (compare the body count between World War I and World War II). So, what was learned? Well, if you look back at history, one of the biggest takeaways was the Tank. It was faster than Cavalry, very hard to pin down, was impervious to small-arms fire, and could be heavily armed (just for a start). It was also very intimidating. So, for the next few decades, it was all about Tanks. They got used all over the place for war, civil unrest; you name it. If there was a problem, you sent in the Tanks. That is, until the Tank was laid low by some unknown hero walking home with a couple of bags of groceries (Tiananmen Square Protests, 1989, if you’re curious).
Now then, I’m sure you’re wondering why I decided to turn a Cyber Security Newsletter about Ransomware into a brief history lesson!
Ransomware Attacks continue to change and evolve, which means that the defenses against them need to adjust and expand, in order to keep up with their criminal techniques. Thus, please allow me to go over Ransomware Attacks and how they have changed over time:
In the beginning, there was Ransomware.
Yup, good ole Ransomware. Your files are encrypted and you can’t access them. Pay us and we’ll undo it. The defense recipe for this is the advice that everyone gives: Back up your files! That’s great; Ransomware Attacks still succeed, but the payouts to the attackers decrease. So, what happens? They up their game…
Next, your Backups are attacked.
The next phase we saw was Ransomware Attacks that were better planned. Attackers would infect machines and then take the extra effort to sabotage any methods of backup that were in place. They would then delay their attacks, so that the only backups available would be old. By doing this, they increased the damage of their attacks and raised the likelihood of being paid. The response? People need to routinely check their backups to make sure they are working. Once again, Ransomware becomes less effective, so that’s the end of that, right? Well, think again!
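The backup check described above, as an added example that is not part of the original newsletter: it reports the newest backup that actually verifies, which is how quietly sabotaged recent backups show up. It assumes each backup has been test-restored to a directory and that a manifest of SHA-256 hashes recorded at backup time is kept where the backup host cannot modify it; the function names, the two-day threshold and the sample data are illustrative.

```python
import hashlib, tempfile
from pathlib import Path

DAY = 86400

def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def problems(backup_dir, manifest):
    """Compare restored files with the hashes recorded at backup time."""
    found = []
    for rel, expected in manifest.items():
        f = Path(backup_dir) / rel
        if not f.is_file():
            found.append(f"missing: {rel}")
        elif sha256_file(f) != expected:
            found.append(f"altered: {rel}")
    return found

def assess(backups, now, max_age_days=2):
    """backups: list of (name, created_epoch, restored_dir, manifest).
    Finds the newest backup that verifies cleanly and flags it if stale."""
    report = {"newest_good": None, "age_days": None, "failed": {}, "alert": True}
    for name, created, path, manifest in sorted(backups, key=lambda b: -b[1]):
        bad = problems(path, manifest)
        if bad:
            report["failed"][name] = bad
            continue
        age = (now - created) / DAY
        report.update(newest_good=name, age_days=age, alert=age > max_age_days)
        break
    return report

def demo():
    """Constructed data: the two most recent backups were quietly sabotaged."""
    now = 1_700_000_000  # fixed timestamp so the result is reproducible
    root = Path(tempfile.mkdtemp())
    payload = b"ledger contents (constructed sample)"
    manifest = {"ledger.csv": hashlib.sha256(payload).hexdigest()}
    backups = []
    for name, age, content in [("day-10", 10, payload),
                               ("day-3", 3, b""),    # file truncated
                               ("day-1", 1, None)]:  # file never written
        d = root / name
        d.mkdir()
        if content is not None:
            (d / "ledger.csv").write_bytes(content)
        backups.append((name, now - age * DAY, d, manifest))
    return assess(backups, now)

if __name__ == "__main__":
    print(demo())
```

On the constructed data the backup jobs for the last three days look present, yet the newest one that restores correctly is ten days old, so the check raises an alert.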
Now, there’s a Data Breach as well.
Recently, Ransomware Attacks have also been evolving into Data Breaches. Not only is data being encrypted, but it is being stolen at the very same time. So, the demand isn’t simply to decrypt your files; it also includes the deletion of data that has been stolen (so they don’t release it). This has the potential to turn a Ransomware event into a much pricier incident.
All of this points to one simple truth: Ransomware attackers are spending more and more time trying to make sure that the infection spreads as far as it can and does as much damage as possible. If it’s only Ransomware, the attacker can pretty much leave that on automatic. A machine gets infected, looks for other devices to infect, then waits for the encryption command. Backups can be attacked in much the same way; an automatic search for various software, settings or file types will locate most backup methods.
Data Exfiltration, on the other hand?
That’s something which still requires hands-on work to pull off. If you’re going to put in the effort to see if there’s anything worth stealing, you’re also going to strive to make sure that you’ve infected as much as you possibly can. This means the number of attacks will go down, but their scope will go up. Infections will be larger, thus crippling more of the devices on the network.
It’s important to stay informed and keep up to date on how things are changing. Whether it’s Ransomware or the Coronavirus, a little knowledge will help keep you safe.
If you have any questions about Ransomware Protection, please reach out to your TRINUS Account Manager for some stress-free IT.
By Kind Courtesy of Your Friendly Neighbourhood Cyber-Man.