The Rise of Enterprise Ransomware
November 19, 2019 | News
Ransomware attackers are becoming increasingly sophisticated and professional in their approach. They’re targeting larger organizations, infecting hundreds of computers within them, and demanding higher ransoms.
Furthermore, the costs incurred from the downtime of these attacks are skyrocketing, crippling organizations in the process.
But what has caused this shift in focus towards larger enterprises? Who and what are the main threats? And what security solutions should be in place to safeguard against these types of attacks?
What is enterprise ransomware?
Enterprise ransomware is ransomware targeted at mid- and large-sized organizations. Public sector organizations, including local government and school districts, are frequent victims. However, private enterprises are also targeted. By attacking organizations with deeper pockets, cybercrooks are looking to increase their financial gains without increasing effort. This shift towards larger prey has been dubbed enterprise ransomware.
What has caused the shift towards enterprise ransomware?
In terms of execution, you could say that ransomware attacks have come full circle. Early attacks were manual and targeted specific organizations. However, the evolution of technology and near omnipresence of the internet in society led attackers to automate attacks to maximize the probability of success.
However, with automation comes predictability. Once you realize that an unexpected email message with a zipped file attachment more likely than not contains something bad, you can take steps to block all emails with zipped file attachments. If you know attackers are likely to use vulnerabilities in Microsoft Word or Excel to infect machines, you patch those applications and operating systems.
Most mainstream endpoint solutions and firewalls have incorporated these technologies and can now stop these attacks efficiently and effectively. Attackers have therefore reverted to manual, coordinated, highly targeted and therefore unpredictable approaches which are far harder to detect and block. Attacks typically focus on a single organization with the aim of infecting as many internal systems as possible – ultimately bringing the victim to their knees.
What does an enterprise ransomware attack look like?
Enterprise ransomware attacks differ quite considerably from ‘traditional’ automated approaches and typically:
- Take longer to unfold: there’s a higher dwell time as the attackers manually traverse the network towards targets.
- Are harder to recover from as the attackers take time to:
  - Ensure backups are, in some way, permanently removed.
  - Understand the business and attack the most impactful assets.
  - Gain deep administrative access to the environment (domain admin, etc.), making them much harder to kick out.
- Are carefully priced – in some cases the attackers access finance systems first so they know exactly how much the business can afford to pay.
Beyond ransom fees - the true cost of enterprise ransomware
While it is the typically extortionate ransom fees that make the headlines, both the cost of the downtime inflicted by enterprise ransomware and the reputational damage to businesses are largely understated.
Such downtime of course inflicts heavy reputational damage, with corporate security strategies thrown into question and data integrity doubted. It is therefore of the utmost importance to remain ahead of the game and put in place steps to combat enterprise ransomware.
How Sophos helps to keep your enterprise secure
To stop enterprise ransomware, you need to have effective, advanced protection in place at every stage of an attack.
Stopping attacks getting into your network
Sophos XG Firewall is packed with technology to help protect your organization from ever-evolving ransomware attacks. In particular, XG Firewall includes one of the best performing and most effective IPS engines on the market, and provides a simple and elegant solution to lock down your RDP servers.
Securing your endpoints and protecting your servers
Should hackers somehow access your network, Intercept X uses multiple layers of defense to stop ransomware in its tracks. Anti-exploit technology stops the delivery of ransomware, deep learning blocks ransomware before it can run, and CryptoGuard prevents the malicious encryption of files, rolling them back to their safe state.