Guest Post: Combating the Silent Evolution of Ransomware

By: Myla Pilao, Director for Technology Marketing, Trend Micro

In today’s ever-connected world, data breaches and cyberattacks have become increasingly common. While ransomware attacks, specifically, may not be making headlines as often as they should be, they continue to be a persistent threat in the global cyber landscape, with evolving approaches and brewing underground activity known as the silent evolution.

When ransomware was first introduced in 2007, cybercriminals began by targeting end users. Over the years, however, as their techniques have become more sophisticated, there has been a transition towards highly targeted attacks, with the most significantly impacted victims being enterprise and critical infrastructure industries. These include transportation, healthcare, oil and gas, high-tech manufacturing and organizations that demand high digital connectivity.

Beyond leveraging more sophisticated techniques, cybercriminals have developed the confidence to execute deep-surface campaigns. Instead of individual targets, attackers are now aiming at the main controllers of network systems, including access to servers, Exchange, Active Directory and so on, to create a bigger and deeper impact. This results in access to commands across the network. Recent examples such as LockerGoga, Ryuk, MegaCortex and Clop show that, as opposed to targeting one or two key areas, cybercriminals are now targeting the entire system. Recent examples have also significantly affected local governments in the United States, highlighting the impact of ransomware on smaller organizations that may lack the resources for proper IT hygiene practices.

As Canada continues to improve its systems and IT hygiene, it is creating a more equipped nation to tackle cyber crime. Although Canada stacks up well compared to other countries globally and is seeing a trend of decreasing ransomware infections, it has a large presence of critical infrastructure and therefore remains susceptible to threats.

In order for businesses to combat the silent evolution of ransomware, below are five best practices:

  • Back up business data and company files regularly. To ensure the most efficient protection, back up files and data following the 3-2-1 rule, that is 3 different copies stored in 3 different places, in 2 different formats, with at least 1 copy stored offsite. In addition, businesses must test and verify these backups to ensure that they are intact and can be restored from in a reasonable amount of time, should they be needed.
  • Update software and operating systems. Operating the latest versions can help prevent cybercriminals from abusing vulnerabilities in older software to spread ransomware.
    • The most noteworthy example is WannaCry, which made headlines in May 2017 after impacting a number of companies across the globe. Although the actual exploits that WannaCry abused were patched in March 2017, its widespread impact showed that many businesses were either unable to apply the patch on time or were using unsupported operating systems (which MS later patched).
  • Implement network segmentation. Protecting the network against ransomware is very important, since infected networks are used to communicate with the cybercriminal’s servers and also to spread ransomware within the network itself. Network segmentation can improve security by allocating user-specific resources, which minimizes the ways that attackers can move within the network.
  • Use multilayered security. Businesses now have workloads that spread across multiple environments (ranging from physical servers to hybrid cloud and beyond), so using multilayered security should be a priority for companies that want to “cover all the bases.”
  • Build a culture of security within the workplace. Organizations need to foster security awareness within their workforce. This goes beyond just regulatory compliance and should extend to employee education and remediation strategies.
    • For example, spam and phishing are two of the most common methods used to spread ransomware, making it important for businesses to teach their employees how to spot social engineering techniques.
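
To illustrate the first practice, here is an added example (not part of the original post) that checks a backup set against the 3-2-1 rule as stated above, counting only copies whose checksum still matches the one recorded at backup time. The manifest fields and sample files are assumptions made for the illustration, and the script checks integrity only, so it does not replace a timed restore test.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    """Stream a file through SHA-256 so large backups do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_backups(manifest):
    """Return problems found; only verified copies count toward the rule."""
    problems, intact = [], []
    for copy in manifest:
        path = Path(copy["path"])
        if not path.is_file():
            problems.append(f"{copy['place']}: copy is missing")
        elif sha256_of(path) != copy["sha256"]:
            problems.append(f"{copy['place']}: checksum mismatch")
        else:
            intact.append(copy)
    if len(intact) < 3:
        problems.append(f"only {len(intact)} intact copies, need 3")
    if len({c["place"] for c in intact}) < 3:
        problems.append("intact copies are not in 3 different places")
    if len({c["format"] for c in intact}) < 2:
        problems.append("intact copies do not span 2 formats")
    if not any(c["offsite"] for c in intact):
        problems.append("no intact copy is offsite")
    return problems


def demo():
    """Constructed sample (hypothetical manifest fields): damage the offsite copy."""
    root = Path(tempfile.mkdtemp())
    manifest = []
    layout = [("nas", "tar", False), ("usb", "tar", False), ("cloud", "image", True)]
    for place, fmt, offsite in layout:
        path = root / f"{place}.{fmt}"
        path.write_bytes(f"payroll backup as {fmt}".encode())
        manifest.append({"path": str(path), "place": place, "format": fmt,
                         "offsite": offsite, "sha256": sha256_of(path)})
    before = audit_backups(manifest)
    Path(manifest[2]["path"]).write_bytes(b"overwritten")  # simulate damage
    return before, audit_backups(manifest)
```

In the constructed run, losing the single offsite copy fails four parts of the rule at once, which is why the audit counts verified copies rather than files that merely exist.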

