Blog Post June 15, 2021

Ransomware: Terrorizing the Cyber Streets

As the world begins to redefine and establish a new normal after lockdown, cyberattacks are not letting up. From attacks on small businesses to the latest Colonial Pipeline attack, ransomware continuously presents itself as a significant threat to cybersecurity.

According to Cybercrime Magazine, experts predict there will be a ransomware attack every 11 seconds in 2021. Scary to think about, right? The power lies in organizations’ hands to stay vigilant and protected from ransomware attacks and groups like DarkSide. Now, consider this: if cyberattacks have the power to take down some of the largest businesses in the world, what can they do to your organization?

Let’s step into the world of ransomware to gain a deeper understanding of what is happening in one of the industry’s fastest-growing cyber nightmares.

Ransomware’s Truth

As stated by the Cybersecurity and Infrastructure Security Agency (CISA), ransomware is “an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid.”

As cyber criminals grow sharper by the day, it is no surprise that ransomware has become a 1.4-billion-dollar industry. This dangerous type of malware can do irreparable damage, as it uses vulnerabilities to infect an organization’s overall system or network. Through its various methods, including screen lockers, encryption, and scareware, ransomware can terrorize every industry. Your organization should consider what your cybersecurity infrastructure looks like; if you are not confident that it is built to withstand powerful attack attempts, it is time to start looking for ways to improve.

What is DarkSide Ransomware?

DarkSide is a group that stopped us all in our tracks. Consumers lined up at gas stations all along the East Coast, filling up their cars, containers, and even plastic bags after the group struck its latest victim, the largest fuel pipeline in the United States, Colonial Pipeline Co. According to CISA:

DarkSide “is ransomware-as-a-service (RaaS)—the developers of the ransomware receive a share of the proceeds from the cybercriminal actors who deploy it, known as ‘affiliates.’ According to open-source reporting, since August 2020, DarkSide actors have been targeting multiple large, high-revenue organizations, resulting in the encryption and theft of sensitive data. The DarkSide group has publicly stated that they prefer to target organizations that can afford to pay large ransoms instead of hospitals, schools, non-profits, and governments.”

Groups like DarkSide are only going to get faster, smarter, and harder to defeat. That sends a critical message to the cybersecurity industry: now is the time to tighten up. This recent breach has left the entire country wondering: what’s next?

The Basics of a Ransomware Attack

Ransomware at the most basic level can infect your computer in many ways. According to UC Berkeley’s Information Security Office, “Ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloading. Drive-by downloading occurs when a user unknowingly visits an infected website and then malware is downloaded and installed without the user’s knowledge.” Once a cybercriminal has gained access, they stay in your network for several weeks or months, and then invite the malware team to install ransomware.

Using Colonial Pipeline as an example, Insider reported that the company’s CEO revealed that attackers targeted a system that relied on a single password instead of multi-factor authentication. The password for the organization’s virtual private network (VPN) had previously been leaked on the dark web, which led to the account being compromised. This single compromised account caused a massive domino effect, which greatly impacted the country’s economy, cybersecurity posture, and more.

While Colonial Pipeline is the most recent high-profile victim of a ransomware attack, the next organization is not far behind. Let’s just hope they are more prepared. This is where the importance of cybersecurity tools and protocols enters the conversation. Organizations are responsible for their cybersecurity posture and for creating a safe network environment. Shifting that responsibility from IT teams to a security and compliance automation platform with a Darknet Exposure Module gives you added layers of security and avoids human error.

How to Prevent a Ransomware Attack

The reality is that ransomware is a severe problem. If you do not get ahead of it, your organization could face detrimental consequences. As stated above, ransomware intruders typically gain access to networks using compromised accounts that have been stolen using malware or that the intruder has purchased from the deep and dark web.

A security and compliance automation platform with User and Entity Behavior Analytics (UEBA) is the key to stopping ransomware cold. This feature helps you detect lateral movement or anomalous account activity after an attacker has entered your network and started monitoring the target environment. UEBA establishes a pattern of behavior for every system and account on your network and searches 24/7 for anomalies that provide clues to lateral movement or unusual activity by compromised accounts belonging to legitimate network users.
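The per-account pattern-of-behavior idea described above can be sketched in a few lines. This is an added example, not code from the original post or from any UEBA product; the log format, host and account names, and the `fanout_threshold` parameter are all constructed assumptions, and the model is deliberately reduced to two signals (destinations used and hours of activity).

```python
from collections import defaultdict
from datetime import datetime
# Constructed sample authentication events: "ISO-time account src_host dst_host"
BASELINE_LOG = """\
2021-06-01T09:02:11 alice ws-alice files01
2021-06-01T09:15:40 alice ws-alice mail01
2021-06-01T08:30:00 svc-backup bkp01 files01
2021-06-02T08:30:00 svc-backup bkp01 db01
2021-06-02T14:20:19 bob ws-bob mail01
"""

OBSERVED_LOG = """\
2021-06-08T09:04:52 alice ws-alice files01
2021-06-08T02:13:07 bob ws-bob dc01
2021-06-08T02:14:31 bob dc01 db01
2021-06-08T02:16:02 bob dc01 files01
2021-06-08T08:30:00 svc-backup bkp01 db01
"""

def parse(log):
    for line in log.strip().splitlines():
        ts, account, src, dst = line.split()
        yield datetime.fromisoformat(ts), account, src, dst

def build_baseline(log):
    """Per-account profile: destinations used and hours of day seen."""
    profile = defaultdict(lambda: {"dsts": set(), "hours": set()})
    for ts, account, _src, dst in parse(log):
        profile[account]["dsts"].add(dst)
        profile[account]["hours"].add(ts.hour)
    return profile

def find_anomalies(profile, log, fanout_threshold=2):
    """Flag new destinations, unusual hours, and fan-out to several new hosts."""
    findings, new_dsts = [], defaultdict(set)
    for ts, account, src, dst in parse(log):
        known = profile.get(account, {"dsts": set(), "hours": set()})
        if dst not in known["dsts"]:
            new_dsts[account].add(dst)
            findings.append((account, "new_destination", f"{src}->{dst}"))
        if ts.hour not in known["hours"]:
            findings.append((account, "unusual_hour", ts.isoformat()))
    for account, dsts in new_dsts.items():
        if len(dsts) >= fanout_threshold:  # several never-seen hosts: lateral movement clue
            findings.append((account, "possible_lateral_movement", ",".join(sorted(dsts))))
    return findings

if __name__ == "__main__":
    print(*find_anomalies(build_baseline(BASELINE_LOG), OBSERVED_LOG), sep="\n")
```

In the constructed data only `bob` is flagged: his account reaches three hosts it never touched during the baseline week, at an hour it was never active, while `alice` and `svc-backup` stay within their profiles.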

The only way to avoid becoming a new breach statistic is to invest in strengthening your organization’s cybersecurity posture. When you decide to put your network in the hands of tools designed to protect it, you will find yourself able to work smarter, not harder, to remain resilient against cybercriminals.