• Latest
  • Trending
Defending Against Modern Ransomware Tactics

Defending Against Modern Ransomware Tactics

January 5, 2022
Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
Instagram fined €405m over children’s data privacy

Instagram fined €405m over children’s data privacy

September 6, 2022
8 Most Common Causes of a Data Breach

5.7bn data entries found exposed on Chinese VPN

August 18, 2022
Fibre optic interconnection linking Cameroon and Congo now operational

Fibre optic interconnection linking Cameroon and Congo now operational

July 15, 2022
Ericsson and MTN Rwandacell Discuss their Long-Term Partnership

Ericsson and MTN Rwandacell Discuss their Long-Term Partnership

July 15, 2022
Airtel Africa Purchases $42M Worth of Additional Spectrum

Airtel Africa Purchases $42M Worth of Additional Spectrum

July 15, 2022
Huawei steps up drive for Kenyan talent

Huawei steps up drive for Kenyan talent

July 15, 2022
TSMC predicts Q3 revenue boost thanks to increased iPhone 13 demand

TSMC predicts Q3 revenue boost thanks to increased iPhone 13 demand

July 15, 2022
Facebook to allow up to five profiles tied to one account

Facebook to allow up to five profiles tied to one account

July 15, 2022
Top 10 apps built and managed in Ghana

Top 10 apps built and managed in Ghana

July 15, 2022
MTN Group to Host the 2nd Edition of the MoMo API Hackathon

MTN Group to Host the 2nd Edition of the MoMo API Hackathon

July 15, 2022
KIOXIA Introduce JEDEC XFM Removable Storage with PCIe/NVMe Spec

KIOXIA Introduce JEDEC XFM Removable Storage with PCIe/NVMe Spec

July 15, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Tuesday, 7 February, 2023
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

Defending Against Modern Ransomware Tactics

by ITECHNEWS
January 5, 2022
in Leading Stories, Opinion
0 0
0
Defending Against Modern Ransomware Tactics

Ransomware gangs are continuing to evolve new tactics and techniques, and organizations need to be better prepared to defend against them in 2022. In the business of extorting money from victims, bad actors are finding innovative, disruptive new ways to gain leverage and provide incentives for victims to hand over the ransom payment.

The rise of double and triple extortion methods—used by ransomware operators to improve their success rates—is putting additional pressure on organizations to understand common and emerging ransomware trends, as well as how to respond to them.

YOU MAY ALSO LIKE

Inaugural AfCFTA Conference on Women and Youth in Trade

Instagram fined €405m over children’s data privacy

The double extortion tactic has proved very effective given it undermines ransomware recovery strategies for organizations who planned to rely on data backup remediation options in the case of a ransomware attack. With double extortion, the options for organizations become more limited.

Common Themes Among Thieves

The common themes for ransomware extortion include prevention of data loss/destruction, prevention of business disruption as systems become disabled and prevention of data leakage by making it public.

The arrival of double-extortion ransomware signals the pairing of data exfiltration with the previous step of encryption, in addition to the threat to divulge data.

Common data types targeted by ransomware attackers include protected health information (PHI) which includes medical records, diagnosis details and patient medical insurance data and other sensitive personally identifiable information (PII), ranging from birthdates and physical addresses to Social Security numbers (SSNs).

Under triple extortion (to say nothing of emerging quadruple extortion tactics), ransom demands might now also be directed at a victim’s clients or suppliers and, although triple extortion was first observed barely 12 months ago, these types of multi-layered extortion capabilities have quickly become an important ransomware selling point for developers like REvil.

This entails several potential negative outcomes including destruction, release or trade of data with other unsavory parties.

To make matters worse, there are also observed trends of so-called “quadruple extortion”, which includes the aggressive steps of traditional DDOS attacks and targeted harassment of the organization or its customer base.

Ransomware’s Unholy Alliance

According to findings from Group-IB’s Hi-Tech Crime Trends Report 2021/2022, there’s an “unholy alliance” of initial access brokers and ransomware operators as part of ransomware-as-a-service (RaaS) affiliate programs.

Double-extortion ransomware damage has skyrocketed 935% in the last year, the study found, in contrast to the days when only one ransomware gang was using the tactic in 2019.

A report by Help Net Security found that at the end of Q1 2021, the percentage of ransomware attacks that included threats to publish exfiltrated data if a ransom demand was not paid had increased to 77% of all documented ransomware attacks.

“By threatening to release stolen data, ransomware operators have increased the incentives to pay the ransom,” explained John Bambenek, principal threat hunter at Netenrich, a digital IT and security operations company. “Many organizations have good backups and disaster recovery plans and when those work, ransomware can be mitigated.”

He explained that stolen data, however, often cannot be mitigated so even resilient organizations will have to contend with that problem.

Bambenek said he thinks one of the most underutilized techniques to prevent data exposure extortion is minimizing the data you have and keep.

“Some organizations have regulations or rules that strongly regulate how long they keep certain classes of data, but many organizations do not have such requirements,” he said. “Take strong steps to delete data when it no longer needs to be kept—it’s both better for privacy and can help protect against these types of extortion.”

Oliver Tavakoli, CTO at Vectra, an AI cybersecurity company, suggested running a tabletop exercise simulating a ransomware attack against your organization.

“Know who you would contact and when to contact them for help,” he said. “Do you have an IR firm ready to step in should such an attack occur? Do you know the limits of your cyberinsurance policy? Will the company underwriting your cyberinsurance be taking the lead on negotiations with the ransomware gang?”

While these suggestions are not perfect, Tavakoli noted these types of tabletop exercises can surface issues that should be discussed (and capabilities that should be put in place) in advance of an attack. It’s better than nothing.

Source: Nathan Eddy
Tags: Ransomware
ShareTweetShare
Plugin Install : Subscribe Push Notification need OneSignal plugin to be installed.

Search

No Result
View All Result

Recent News

Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
Instagram fined €405m over children’s data privacy

Instagram fined €405m over children’s data privacy

September 6, 2022
8 Most Common Causes of a Data Breach

5.7bn data entries found exposed on Chinese VPN

August 18, 2022

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
Instagram fined €405m over children’s data privacy

Instagram fined €405m over children’s data privacy

September 6, 2022

Recent News

  • Inaugural AfCFTA Conference on Women and Youth in Trade September 6, 2022
  • Instagram fined €405m over children’s data privacy September 6, 2022
  • 5.7bn data entries found exposed on Chinese VPN August 18, 2022
  • Fibre optic interconnection linking Cameroon and Congo now operational July 15, 2022
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© 2021-2022 iTechNewsOnline.Com - Powered by BackUPDataSystems

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© 2021-2022 iTechNewsOnline.Com - Powered by BackUPDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Go to mobile version