In last quarter’s Threat Landscape Report, FortiGuard Labs reported at least two significant ransomware families – Sodinokibi and Nemty – have been deployed as RaaS (Ransomware-as-a-Service) solutions. As-a-service offerings, especially when combined with new evasion techniques and their ability to deliver increasingly sophisticated malware, have played a significant role in the uptick in attacks and network compromises.
Ransomware’s New Game is a Killer
The GandCrab ransomware reportedly earned more than $2 billion for its developers in less than two years. Much of the money was the result of their use of RaaS to distribute their malware. By establishing a network of affiliate partners, GandCrab’s authors were able to spread their ransomware widely and scale earnings dramatically by taking a slice of every attack.
With the addition of two additional prevalent ransomware variants to the RaaS sales model, ransomware not only continues to be a clear and present danger to enterprise organizations, but organizations can expect a significant uptick in the volume and severity of attacks for the coming year. By using the RaaS model, the authors of malware such as Sodinokibi and Nemty are significantly lowering the bar for launching attacks, making ransomware even more accessible and profitable for a growing pool of bad actors.
15 Ways to Take Action
Organizations need to take steps now to protect their networks and networked resources from the growing problem of sophisticated ransomware. Here are 15 things you can start to implement today.
- Patch and update your operating systems, devices and software.
- Use inventory tools and IOC lists to prioritize which assets are at the most risk.
- Update your network IPS signatures and your device antivirus and anti-malware tools.
- Back up your systems and store backups offline, along with any devices needed for network recovery.
- Run recovery drills and pre-assign responsibilities so systems can be restored quickly in the event of a successful breach.
- Update your email and web security gateways to check email attachments, websites, and files for malware.
- Use a sandbox to execute and analyze new or unrecognized files in a safe environment.
- Block advertisements and social media sites that have no business relevance.
- Use zero-trust network access that includes virus assessments so users can’t infect business-critical applications, data, or services.
- Inspect and block bring-your-own-devices that do not meet security policy.
- Use application whitelisting to prevent unauthorized applications from being downloaded or run.
- Prevent unauthorized SaaS applications with a CASB solution.
- Segment your network into security zones to prevent the spread of infection.
- Use forensic analysis tools to identify where and infection came from, how long it has been in your environment, ensure you have removed all of it from every device, and ensure it doesn’t come back.
- Plan around the weakest link in your security system – the people who use your devices and applications. Training is essential but limited. Proper tools, such as secure email gateways, for example, can eliminate most if not all phishing emails and malicious attachments.
Protection Requires Preparation
As cybercriminals expand the RaaS market with new ransomware variants to expand their earning potential, enterprises have to significantly step up their efforts to protect themselves. Bad actors are focusing their attacks to achieve maximum impact and profitability, often combining highly targeted attacks with increasingly stealthy and unexpected methods. Organizations that prepare now stand the greatest chance of withstanding this latest wave of malicious criminal activity.
This blog is a summary of a byline entitled, “All in the (Ransomware) Family: 10 Ways to Take Action,” written for Threatpost by Fortinet’s Chief of Security Insights & Global Threat Alliances, Derek Manky.