Ransomware is making headlines everywhere. From the energy industry (Colonial Pipeline’s ransom payment of $4.4M) to the food industry (JBS Foods’ ransom payment of $11M), mounting data suggests this insidious trend may be getting out of control.
Money, money, money
Hackers see big cash when the average ransom payment exceeds $80K ($780,000 for a large enterprise), while RaaS (Ransomware-as-a-Service) and ransomware kits, which start at $175 and require little to no technical skill to deploy, are readily available on the dark web. No wonder ransomware revenues grew 74% to $20 billion in 2020 from $11.5 billion in 2019, according to research firm Purple Security. This highly profitable business with phenomenal growth will very likely fuel more and more attacks.
There is no doubt that ransomware is garnering serious attention. The U.S. government’s new one-stop resource site StopRansomware.gov and the U.S. White House’s latest announcement of a ransomware task force are just a few examples of actions springing up left and right.
The ransomware kill chain usually consists of multiple tactics such as initial access, persistence, lateral movement, and exfiltration. For example, the most common ransomware attack technique associated with the ‘initial access’ tactic is phishing, which delivers 65% of ransomware infections. The MITRE ATT&CK framework identifies three sub-techniques related to phishing:
- Spearphishing Attachment
- Spearphishing Link
- Spearphishing via Service
The complexity stemming from the different permutations of tactics, techniques and sub-techniques is further compounded by diverse and mutating ransomware. To accelerate effective ransomware detection, so that SOC analysts can focus on what matters without being overwhelmed by false positives, a holistic defense approach is essential for contextually relevant threat insights: ‘Layered Analytics’, powered by real-time correlation, supervised machine learning and unsupervised machine learning.
For more information on how ‘Layered Analytics’ can help thwart a ransomware attack, please check out this white paper: 360º Analytics for a Resilient SOC.
It is unfortunate that we live in a world of unrelenting ransomware threats. Fortunately, with the right defenses, we do not have to live in fear.