The most common threat in the cybersecurity world often sounds like a plot from a blockbuster movie.
The clock is ticking…
You have only a few hours…
Can you solve the mystery before you have to pay the ransom?
According to Secureworks' Director of Intelligence, Mike McLellan, year after year, threat actors around the world keep going back to malware tools which hold data hostage. Ransomware is a tried-and-true tactic that has been around for more than 30 years—a technique that is older than some security professionals themselves!
But in recent ransomware has evolved and grown. It is unrecognizable from the early amateur efforts to extort money from victims. And even more recently than that, criminals have refined their techniques. In the most recent episode of The Cybersecurity Advantage Podcast, Mike explains that the model of ransomware we saw three to-five years ago of mass distribution via phishing and compromised websites has been replaced by a much more aggressive and damaging approach, where criminals get access and then use a hands-on-keyboard process in the back end to set up deployments to cause maximum damage across a network
Today's ransomware threat actor has upped their game—criminals are now using techniques once used by state-backed entities. But despite the evolution of the threat, one thing remains the same: it is important for security professionals to remember that humans are at the other end, and with the right preparation and agility, organizations can prevent or deter these criminals from being successful.
According to Mike, one of the biggest challenges in proactively dealing with ransomware is that CISOs understand the concept, but they face a barrier regarding investment in tools and services to stay ahead of the threat.
And today's threat is complex. The biggest issue for companies is not necessarily about the ransomware itself, it is about the value of their data that is available to those who want to cause harm. Criminals have realized that data has a monetary value and that companies will pay. As long as they continue to receive multi-million-dollar payouts, ransomware will still be with us.
In fact--we may not even be at the peak of the threat yet.
But the good news is companies do not have to be victims. All companies want to know if they can stop ransomware, and Mike answers that question with a resounding yes. If you can raise the opportunity cost for ransomware threat actors, they will probably go elsewhere.
How you get there is key. In this podcast episode, Mike uses a crawl-walk-run methodology to show security professionals what they need to consider in making a network ransomware resilient. At the highest level, this means:
- Crawl—understanding your risk
- Walk—addressing the gaps
- Run—testing the controls
In the episode, Mike shares more details on each of these areas and what he has identified as the biggest key miss by security professionals today.
You have no choice but to be ransomware aware. Start listening now and stay a step ahead of threat actors using today's most common cybercrime technique.
Want to learn more about the ransomware threat today? Check out these additional resources from Mike and the other experts at Secureworks.
- Secureworks' Threat profiles
- Mike McLellan at the TI Summit
- Preparing for Post Intrusion Ransomware blog
- Computer Weekly article on the Garmin Ransomware breach – featuring Don Smith
- TechRepublic's article on the Twitter attack—featuring Mike McLellan