WannaCry, Judy, BadRabbit: these are some of the high-profile ransomware attacks that crippled critical systems of global businesses starting in May 2017. Fast forward to 2018, and ransomware remains a major threat vector for organizations large, medium, and small. This year’s twin ransomware attacks on the City of Atlanta and the City of Baltimore brought down crucial online services and emergency systems, respectively.
The recent security incident at Cass Regional Medical Center in Harrisonville, Mo., where a ransomware attack impacted over 250 systems, along with the attack on the Ukraine energy ministry website, clearly highlights how ransomware masterminds have been stealthily breaching security systems across the globe. Ransomware attacks have continued to make headlines, with more potent and targeted techniques launched over the past year. This is validated in Verizon’s annual Data Breach Investigations Report 2018, which identifies ransomware as the cause of 39% of malware-related data breaches this year [1].
Ransomware, a threat that has evolved to epic proportions with the introduction of network-based attacks, wiper-malware techniques, and ready-made toolkits, is typically delivered via a malicious email or infected third-party websites. Once ransomware takes over an endpoint, it immediately blocks access to a PC, server or mobile device, or encrypts all or some of the data stored on that endpoint. The cybercriminal then demands a ransom to let the user regain access to their data and/or systems. With industry predictions of a ransomware attack on businesses every 14 seconds, and global ransomware damage costs exceeding $11.5 billion annually by 2019, this is surely a key security concern for enterprises, private and public [2].
Apart from the proliferation of ransomware attacks, a wide range of sophisticated tactics and tools, such as encrypting code and communications, using randomly generated file names and URLs, and using metamorphic and polymorphic algorithms, make ransomware campaigns difficult to discover, classify, and counter. The complex series of redirects and continuous updates to the exploit kits by ransomware masterminds further add to the challenge of locating the origin of the malware and subsequently preventing such an attack.
Ingenious and sophisticated ransomware attack techniques deployed by hackers are making traditional detection-based security systems vulnerable. With the modern breed of adversaries getting more adept at constantly updating and mutating their exploit kits and malware code to infiltrate each new security measure installed, there is a need for a whole new security approach: a shift from reactive Malware Detection to a proactive Malware Isolation approach.
Cyberinc Isla, based on the concept of isolation, truly secures your IT network by isolating the web-browser session from the enterprise endpoints, thus automatically breaking the “kill chain” of any sophisticated ransomware attack.
[1] Verizon: Verizon Data Breach Investigations Report 2018
[2] Cybersecurity Ventures: Cybersecurity Ventures report 2017