Tips for Surviving Big Game Ransomware AttacksHow Sophistication and Professionalism of Underground Ransomware Has impacted the “Big Game”
Ransomware is popular with cyber criminals because it’s effective and generating profits, so much so, that a new brand of “big game” ransomware attacks have emerged. Based on data from WatchGuard endpoints, our threat lab expects that 2021 ransomware volumes will increase to at least 150% of 2020’s total. To make matters worse, we have also witnessed increasing sophistication and professionalization in ransomware (along with its significant increase).
This more sophisticated “big game” ransomware is linked to the increase of targeted attacks focused on large companies and organizations that have critical uptime requirements – in sectors such as healthcare, government, manufacturing, education, and managed service providers (MSPs). What's more, cybercriminals are carrying out new forms of blackmail. They now also exfiltrate data and extort victims by publishing it on dark web forums, something they call “double extortion.” Some groups even practice “triple extortion” by exfiltrating a victim’s customer data and going after those customers directly.
Why has the cybercriminal underground put so much effort toward the professionalization of ransomware? Simply put, they are making tons of money from it.
Add to that the increase in underground professionalization of ransomware-as-a-service (RaaS). RaaS is the sale of ransomware developed by professionals, where even non-technical criminals without the background to write ransomware can get it and use it against the target of their choice. This combined increase in the sophistication and professionalism of underground ransomware has led to a significant increase in the impact of “big game” ransomware attacks.
A clear example occurred on May 7, when the Colonial Pipeline was hit by the biggest cyberattack on an oil infrastructure to ever take place in the United States. Leveraging a simple stolen credential, the attackers infiltrated the company’s systems and loaded ransomware, reportedly stealing and locking 100GB of data, and causing fuel shortages. At this point, President Biden declared a state of emergency in the area to prevent further damage.
So, how can you survive big game ransomware attacks? The only real way to stop this threat – in my opinion – is to stop paying ransoms. Why has the cybercriminal underground put so much effort toward the professionalization of ransomware? Simply put, they are making tons of money from it. But, it’s also important to understand how you can prevent it. As always, you need to make sure you have a business continuity and disaster recovery (BC/DR) plan already written and in place, that ensures you can restore critical business systems quickly in the event of any cyber disaster.
Unfortunately, there’s no single defense that will protect a company from ransomware completely. But having multiple layers of defense is the best bet to stop all cyber threats in general, including ransomware. Some necessary ransomware security controls include endpoint protection and response (EDR), multi-factor authentication (because hackers don’t break in, they log in, á la the Colonial Pipeline attack), and advanced anti-malware prevention. If you include these layers in your defenses, along with a tested BC/DR plan, ransomware should rarely be successful, and you’ll quickly be able to recover without paying even in the worst case.
Learn more about Surviving the Colonial Pipeline and Other Big Game Ransomware Attacks.