Edward Gately | Channelfutures.com
An increase in attack sophistication is proof of the growing threat that ransomware poses to all organizations. That’s according to a new alert by cybersecurity agencies from the United States, the United Kingdom and Australia.
Over the past several years, ransomware has become the most prevalent threat to organizations in private and public sectors alike, including financial services, food and agriculture, government, health care and other critical infrastructure industries.
Ransomware groups have increased their impact by:
- Targeting cloud infrastructures to exploit known vulnerabilities in cloud applications, virtual machine software and virtual machine orchestration software. Ransomware threat actors also targeted cloud accounts, cloud APIs, and data backup and storage systems to deny access to cloud resources and encrypt data.
- Targeting managed service providers (MSPs). By compromising an MSP, a ransomware threat actor could access multiple victims through one initial compromise. Cybersecurity authorities in the United States, the United Kingdom and Australia say there will be an increase in ransomware incidents where threat actors target MSPs to reach their clients.
- Attacking industrial processes. Although most ransomware incidents against critical infrastructure affect business information and technology systems, the FBI observed that several ransomware groups have developed code designed to stop critical infrastructure or industrial processes.
- Attacking the software supply chain. Targeting software supply chains allows ransomware threat actors to increase the scale of their attacks by accessing multiple victims through a single initial compromise.
- Targeting organizations on holidays and weekends. Ransomware threat actors may view holidays and weekends, when offices are normally closed, as attractive timeframes, as there are fewer network defenders and IT support personnel at victim organizations.
“Every time a ransom is paid, it confirms the viability and financial attractiveness of the ransomware criminal business model,” the alert said. “Additionally, cybersecurity authorities in the United States, Australia and the United Kingdom note that the criminal business model often complicates attribution because there are complex networks of developers, affiliates and freelancers. It is often difficult to identify conclusively the actors behind a ransomware incident.”
Saryu Nayyar is CEO and founder of Gurucul.
Warning of Sophisticated Ransomware Attacks