WHAT IS THE BLOG ABOUT?
Ransomwares, cybercrime trends, Cisco Secure Endpoint
Ransomware is a serious problem: Cisco Talos Incident Response (CTIR) named it the biggest threat of the year in 2021. Ransomware attacks are becoming more and more sophisticated, and the techniques used are constantly changing. In 2022, two trends took off. It is worth monitoring these trends, among other things, because from them you can deduce the likely behavior patterns of the coming months.
THE ART OF ADAPTATION
As a result of the Big Game Hunting (BGH) scheme, cybercriminals penetrate increasingly complex environments running a wide variety of systems. In order to cause as much damage as possible, they try to encrypt as many systems as possible, so their ransomware must be able to run on different combinations of architectures and operating systems.
INTEGRATION INTO GEOPOLITICAL CONFLICTS
It’s rare for a cybercriminal group to publicly support a nation-state, but the Conti ransomware group has openly sided with Russia and threatened those who would attempt a cyberattack against the country. A serious involvement in geopolitical conflicts can therefore be observed. Cybercrime forums and ransomware groups not only react to different situations, they also take action.
Their versatile toolkits, industrialization and geopolitical role make ransomware groups increasingly dangerous.
BUT THEN HOW DO YOU DEFEND AGAINST THEM?
How can you protect your company from ransomware attacks as they become more dangerous and powerful? There is a solution for that. But before I tell you what will save your company, I’ll show you with an example how falling victim to ransomware can affect your company.
THE WANNACRY STORY
In May 2017, the “WannaCry” malware spread across computer networks around the world. Exploiting a security hole in Microsoft’s Windows operating system, the attackers encrypted the files of many organizations.
The companies involved were sent a note demanding $300 worth of bitcoins in exchange for the decryption key. An estimated 300,000 organizations worldwide were affected by WannaCry. Examples include the National Health Service (NHS), the UK’s largest healthcare provider, technology company Telefonica and many others.
Within four days of discovering WannaCry, Avast detected 250,000 copies of the malware in 116 countries. The malware is still active today and poses a great threat to companies that do not have adequate security measures in place.
As I have already mentioned, we know the solution to ransomware attacks and we want to share it, preferably with the leaders of as many companies as possible. This potential danger should not be taken lightly, as it could happen to you at any time, just as it happened to many companies in the example above.
Did you ask yourself while reading, okay, I understand this, but what should I do then? The answer is simple: Cisco Secure Endpoint. It offers security outcomes that enable radical simplification of security, maximization of security operations and complete peace of mind.
Cisco takes a different approach when it comes to cybersecurity; it looks at your ransomware protection holistically, as part of an integrated security solution. Secure Endpoint includes the built-in extended detection and response (XDR) capabilities of the Cisco SecureX platform. It correlates threats to create high-accuracy detections and coordinates threat responses across the entire security environment. It provides simple management, cloud-based security and remote access.
Cisco makes the most of its security operations, and Secure Endpoint is no different. The security of your company is built on many small details: integrated Kenna Security risk-based vulnerability management and advanced endpoint detection and response (EDR) capabilities (Orbital Advanced Search, SecureX built-in XDR). With them you can quickly detect, respond to, and stop ransomware attacks.
You don’t have to face and keep up with ransomware attacks alone; this task is a big challenge for everyone. Cisco Secure Endpoint Pro security operations are always on, and the service is supervised by Cisco security experts who secure the endpoints. Orbital and SecureX offer advanced EDR and integrated XDR capabilities. They speed up detection and response, simplify investigations, and quickly stop ransomware attacks. Secure Endpoint uses multiple prevention techniques, such as machine learning and behavioral protection.
With these capabilities of Cisco Secure Endpoint, you can protect yourself and guarantee security for your company.
10 INTERESTING FACTS ABOUT RANSOMWARE
The cost of ransomware attacks approached $20 billion in 2021. The financial loss of the affected companies is seven times the demanded ransom (due to business interruptions, system transformations, costs of legal proceedings and extra work).
The highest amounts demanded during a ransomware attack:
– CNA Financial (2021): $40 million
– MediaMarkt (2021): $50 million
– Kaseya (2021): $70 million
Cash reward: The US State Department has announced a $10 million reward for information that helps identify or locate key people in the Conti ransomware gang. It is also offering $5 million for information that will help catch people attempting a Conti-related attack in any country.
The average revenue of ransomware groups in 2021 was $120,000, according to the Crypto Crime Report.
Conti: linked to more than 400 attacks, it received nearly $200 million in ransom from its victims.
Fastest encryption: How long a ransomware group takes to encrypt a system can be a critical question for corporate cybersecurity teams. LockBit offers the fastest encryption on the ransomware market.
The country most affected by ransomware in 2021 was the United States. The United States, which ranked first with 732 cases last year, is followed by the United Kingdom with 74 attacks and Canada with 62 incidents. Additionally, 58 ransomware attacks occurred in France and 39 in Germany.
The three industries most targeted by ransomware attacks are banking, utilities, and retail. Regardless, the other sectors are not safe either, and they are also advised to take the necessary precautions.
Most frequently used blackmail techniques:
– Basic technique: ransom demand, subsequent payment and recovery of encrypted data.
– Double extortion: threats of disclosure if the ransom is not paid.
– Triple and quadruple blackmail: targets the victim as well as the victim’s customers and stakeholders. This includes, e.g., contacting customers directly or sending them malicious e-mails.
The “corporate” structures of ransomware gangs:
Conti: created a network so wide, similar to a large holding company, that some employees were unaware that they were working for cybercriminals. It was revealed that the cybercrime gang has senior management, finance, R&D and even a business development department.
Security hints from the extortionists themselves:
After a successful attack, most ransomware groups take the ransom and deliver the decryption key to the victim, along with a brief note about the security vulnerabilities they found. This note may contain hints about the attack vectors used and suggestions for the victim to take better security measures.
Secure Endpoint guarantees the protection of your company, so ransomware attacks are no longer a problem. Contact us if you want a Secure Endpoint solution!