The threat landscape is unpredictable, but it is safe to say that ransomware is no longer just about encrypting data. Max Heinemeyer, director of threat hunting at Darktrace, notes that ransomware gangs are becoming more professional in how they select their targets and how they carry out their attacks.
“[Organizations] say, ‘Well, I've got backup, so I'm good, right, if I get hit by ransomware?’ but they often forget that ransomware these days might be about extortion [or] data exfiltration,” says Heinemeyer. “Sometimes it's about DDoS to bring down operations, sometimes it's about encrypting the backups or deleting them.”
In this Tech Talk (above), Heinemeyer says ransomware gangs are going to shift away from “big game hunting,” where they went after large and well-known targets, to targeting medium-sized and smaller organizations. Law enforcement pressure was high when Colonial Pipeline was hit by ransomware, but it’s likely not going to be as high when it’s the medium-sized companies that are being hit. Considering that big companies, with their budgets, resources, and people, already struggle with ransomware’s effects, the situation will be far more painful for medium and small companies, he says.
Ransomware attacks will also become more frequent for environments “connected to physical things,” Heinemeyer says. An attack on those environments, such as in manufacturing, healthcare, and logistics, would bring business operations to a halt.
“We expect to see that [volume of attacks] grow, because that's what really hurts -- when your business stands still and you can't make money anymore,” says Heinemeyer.
Ransomware’s eventual ubiquity will also impact how organizations handle security projects and initiatives, Heinemeyer predicts. Traditional security projects that take more than a year just to get monitoring in place and “get to the very first low-hanging fruits” will no longer be acceptable. Attackers are entering networks, finding valuable information, exfiltrating the files, and encrypting the data in a short period of time. The window of opportunity for defenders to detect and stop attacks is getting smaller, so organizations have to focus on becoming faster.
“These monolithic, long, slow security projects where it's extremely complex and you don't have any quick wins…will change because results have to be seen quickly these days, or you're just going to lose your business,” Heinemeyer says.
Note: DR Technology is sponsored by Darktrace.