What’s the Best Cyber Defense Against Ransomware and Other Threats? Knowing Your Opponent

Posted by Marbenz Antonio on April 19, 2022

Computing has improved the lives of billions of people, from calculators to cloud computing to quantum computing. However, just as innovation may be a positive factor, it can also be used to aid cybercriminals.

Are you using end-to-end encryption to secure your assets? So are the criminals. Are you using collaboration tools to manage a remote workforce? Threat actors use them too. Are you using cloud technologies to hyper-scale your business? So are the attackers.

Meanwhile, defenders are dealing with a stressed supply chain, as well as security issues posed by hybrid and remote work settings and increased geopolitical volatility. These represent new chances for anyone looking to benefit by disrupting the commercial world.

Rise of Ransomware-as-a-Service

Ransomware is a type of cyber-attack that stops a user from accessing computer data, systems, or networks unless a ransom is paid. According to the latest IBM X-Force Threat Intelligence Index, this was the most prevalent sort of cyber assault in 2021, accounting for 21% of all attacks.

One reason attackers choose this strategy is that it is a cost-effective business model. To carry out one of these assaults, you don’t require in-house technological skills. Providers of ‘ransomware-as-a-service’ will now do it for you.

What is ransomware-as-a-service, and how does it work? Partners are given pre-packaged tools by criminal ‘firms’ with technological knowledge. In exchange for a share of each ransom payment, those partners carry out the attack.

It can be a tremendously profitable enterprise, with a single gang pulling in at least $123 million in earnings by 2020.

Cyber Criminals Operate Like Businesses

The emergence of ransomware-as-a-service illustrates that the most effective cybercriminals run their operations the same way companies do. And, like other businesses, their objective is to maximize revenues while increasing their return on investment (ROI).

Phishing assaults are the primary technique for ransomware attackers and other cybercriminals seeking entrance into a system, accounting for 41 percent of first attacks remediated by IBM X-Force in 2021. It’s much easier and faster to dupe someone into handing over their credentials or clicking on a malicious link than it is to get into a complicated network from the outside. In other words, the return on investment is higher. Once a criminal has gained access to the system, ransomware and other types of malware can be installed.

Similarly, cyber criminals’ target selection is shifting as a result of their goal to maximize revenues. Criminals identified an opportunity in credit card information kept by huge businesses five or six years ago (and many still do). Through ransomware, it is now feasible to cause more interruption to corporate operations and extort more income.

Last year, supply systems were put under new strain. Manufacturing, which plays a crucial role in supply chains, has become a favored target of cyber thieves, according to IBM. It was the target of 23% of the assaults (ahead of finance and insurance for the first time since 2016).

Criminals gain power by targeting industries that cannot afford downtime, allowing them to demand a rapid settlement. This type of attack affects whole business ecosystems rather than just a single company. Attackers will sometimes go even further and target crucial infrastructure.

Critical Infrastructure Attacks by The DarkSide

Last year, the DarkSide ransomware gang (which works on a ransomware-as-a-service model) targeted the privately held Colonial Pipeline, demonstrating how criminals maximize their power by attacking essential infrastructure. The company controls 5,500 miles of oil pipelines running from the Gulf Coast to New York. It provides 45% of the gasoline utilized on the East Coast of the United States.

When Colonial was forced to shut down the pipeline, tens of thousands of gas stations ran out of fuel, creating panic buying and a price increase as people rushed to fill up their automobiles. The attack, which was the result of a single compromised password, cost Colonial nearly $5 million in ransom money. However, because the South Korean national pension is one of the company’s co-owners, the impact was felt as far away as Asia.

Colonial was not the only target of the attack. The world’s largest meat supplier was targeted for extortion a month later. Meanwhile, in Atlanta, Baltimore, and Massachusetts, terrorists have held hospitals for ransom and attacked municipal networks, putting pressure on key services to reap maximum profit.

Other Forms of Attack on the Rise

Despite the broad effect of ransomware attacks, the vast majority of them are never reported. As a result, sharing information that might help companies in managing the danger is difficult.

Many of these gangs are headquartered in countries where there are no clear extradition laws or where the government does not cooperate in the fight against terrorism. As a result, offenders have little fear of being prosecuted, much less of being extradited.

Ransomware is now the most popular type of malware among cyber thieves. They do, however, have other ‘products’ they might utilize to fulfill their objectives, just like any other business.

The proliferation of smart gadgets such as refrigerators and smart TVs, for example, has offered attackers new opportunities. Between the third and fourth quarters of 2019, IBM X-Force noticed a 3,000 percent increase in the usage of Internet of Things malware.

What Can Businesses Do?

So, what are the options for businesses? The discipline of thinking like an attacker is a vital first step. What are the most critical services in your company that would create the most disruption if you were to lose access to them?

It’s important to consider both customer-facing and employee- and product-supporting services. You should also consider what systems may be used as a portal into the corporate network.

Consider implementing a zero-trust security paradigm, in which you establish least-privilege access, continually verify and authenticate, and assume that a breach has already happened. A zero-trust approach can help you reduce the impact of a data breach, increase threat detection, and better protect your company’s assets. The idea is to make it more difficult for ransomware and other threats to propagate, even after a first compromise. Businesses that practice zero trust can improve security while also expediting the fulfillment of business requirements.

Living the Zero Trust Life

Following are a few methods for establishing a zero-trust environment:

  • Protect privileged accounts and limit domain admin accounts. Audit who has access to admin accounts and when, and keep an eye out for questionable activities.
  • Protect sensitive credentials using Active Directory.
  • Use segmentation to restrict channels via your network when possible.
  • Use secure access service edge (SASE) architecture to help manage technology and infrastructure approaches from a single location as part of your zero trust plan. By using a management platform, you can streamline admin tasks, share data, and use analytics to get a better view of overall security. SASE establishes the framework that allows zero trust to be flexible and manageable. By integrating both approaches, you can protect your data and apps.
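
As an illustration of the first item (auditing who uses admin accounts and when), here is a small review script, added as an example and not taken from the original article or from IBM. It runs over constructed records shaped like exported Windows Security log events; the account names, host names, working hours and group list are assumptions you would replace with your own.

```python
from datetime import datetime

# Windows Security log event IDs used for this audit.
GROUP_ADD_IDS = {4728, 4732, 4756}  # member added to a global / local / universal security group
LOGON_ID = 4624                     # an account was successfully logged on

# Assumptions for this example (not from the article): privileged groups,
# approved admin accounts, dedicated admin hosts, and expected working hours.
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}
ADMIN_ACCOUNTS = {"adm-jlee", "adm-mchan"}
ADMIN_HOSTS = {"PAW-01", "PAW-02"}
WORK_HOURS = range(7, 19)           # 07:00 to 18:59 local time

# Constructed sample events, shaped like exported Security log records.
EVENTS = [
    {"EventID": 4624, "TimeCreated": "2022-04-18T09:12:00", "TargetUserName": "adm-jlee",
     "WorkstationName": "PAW-01"},
    {"EventID": 4624, "TimeCreated": "2022-04-18T09:30:00", "TargetUserName": "jdoe",
     "WorkstationName": "WS-SALES-03"},
    {"EventID": 4624, "TimeCreated": "2022-04-19T02:41:00", "TargetUserName": "adm-mchan",
     "WorkstationName": "WS-FINANCE-07"},
    {"EventID": 4728, "TimeCreated": "2022-04-19T02:44:00", "TargetUserName": "Domain Admins",
     "SubjectUserName": "adm-mchan", "MemberName": "CN=svc-backup,OU=Service,DC=example,DC=test"},
    {"EventID": 4728, "TimeCreated": "2022-04-19T10:05:00", "TargetUserName": "Marketing",
     "SubjectUserName": "adm-jlee", "MemberName": "CN=jdoe,OU=Staff,DC=example,DC=test"},
]

def audit(events):
    """Return (time, kind, detail) for every event an admin-access review should look at."""
    findings = []
    for ev in events:
        hour = datetime.fromisoformat(ev["TimeCreated"]).hour
        if ev["EventID"] in GROUP_ADD_IDS and ev["TargetUserName"] in PRIVILEGED_GROUPS:
            # Any change to a privileged group is reviewed, whoever made it.
            detail = f"{ev['SubjectUserName']} added {ev['MemberName']} to {ev['TargetUserName']}"
            findings.append((ev["TimeCreated"], "group-add", detail))
        elif ev["EventID"] == LOGON_ID and ev["TargetUserName"] in ADMIN_ACCOUNTS:
            reasons = []
            if hour not in WORK_HOURS:
                reasons.append("outside expected hours")
            if ev["WorkstationName"] not in ADMIN_HOSTS:
                reasons.append("not an admin host")
            if reasons:
                detail = f"{ev['TargetUserName']} on {ev['WorkstationName']}: " + ", ".join(reasons)
                findings.append((ev["TimeCreated"], "admin-logon", detail))
    return findings

if __name__ == "__main__":
    for finding in audit(EVENTS):
        print(*finding, sep=" | ")
```
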

Nobody wants to think about what may go wrong. However, taking these and other precautions can help you avoid a ransomware assault or a data leak at the hands of attackers.

