What Changed in the Ransomware Landscape, and How?



Five years ago, on May 12th, 2017, we were all struck by a major ransomware attack known as WannaCry. The attack was unprecedented in scale and spread worldwide like wildfire: over 200,000 Windows computers across 150 countries were affected, and the damage was estimated to be billions of dollars in losses.


About a month before the WannaCry attack, a hacker group called the Shadow Brokers publicly leaked an exploit developed by the National Security Agency (NSA). This exploit, dubbed EternalBlue, allowed code execution on remote machines. Although Microsoft released a patch for EternalBlue before Shadow Brokers leaked it, many computers worldwide remained unpatched and, therefore, vulnerable to EternalBlue.

The Ransomware Threats


Ransomware threats are increasing, and many articles have recently been published based on new research on ransomware threat actors and their victims. Cybersecurity professionals used to think of adversaries as criminal gangs that operated within a shadowy underworld, trading secrets and malicious code in hacker forums. But today's ransomware operators act more like professional leaders of fast-growing start-ups and leverage third-party partnerships to perform unethical activities.

Just as software companies take advantage of DevOps, ransomware operators build their malware in a way that lets them stay agile and adapt rapidly. This way, they create exploits that take advantage of discovered vulnerabilities at high speed. The current ransomware threat landscape leaves cybersecurity teams constantly setting up roadblocks in the dark, which isn't enough to fight ransomware.

An Unforgettable Outbreak

The WannaCry outbreak was one of the most significant global cyberattacks in history. The malware, which was used to gain control of thousands of computers, encrypt them, and then demand ransom payments from their owners, was created by a hacking group called Shadow Brokers. It spread widely across the world, but it hit particularly hard in the United Kingdom's National Health Service (NHS), which ran many vulnerable machines; a third of NHS hospital trusts were affected by the attack. Other significant victims of the global outbreak included Spain's Telefonica telecom service, telecom providers, banks, the railway system, and even the Interior Ministry in Russia. Governments, hospitals, and other major companies all found themselves battling the attack.

The WannaCry ransomware attack was a game changer for cybersecurity, and it hasn't been easy to figure out what exactly it was trying to do. Was it designed to extort money from victims? To cause chaos, panic, and destruction? Or something else entirely? The outbreak was stopped when researchers enabled a "kill switch" hardcoded in the malware. This did not help already encrypted systems, but it drastically slowed the spread.

These questions are still debated among security experts who have studied the attack and its aftermath. The fact that it was global in scale and multi-vectored only adds to the mystery. The fact that it's one of the first cyberattacks ever to be powered by state-sponsored actors only makes things worse.

We know that this hack represents a turning point in the cybersecurity environment—and not just because of its impact on businesses worldwide. It's also because it changed how people think about cyberattacks going forward.

Protect your business with immutable backup storage

When you think of ransomware attacks, the first thing that comes to mind is the fear that your company will be hit. It's easy to see why—no one wants to think about the possibility of getting hacked or having a data breach, but it happens all too often—and even worse, businesses have no idea how much money they could lose if it happened.

To protect your business, you need to implement security measures and tools that protect your corporate data. The National Institute of Standards and Technology's Cybersecurity Framework is a suitable place for organizations to start. The NIST framework features five pillars businesses should follow: identify, protect, detect, respond, and recover.

Protection is a crucial pillar. For many businesses, the question isn't if they will get infected by ransomware but when. A backup copy of data can allow them to recover without paying the ransom. Best practices include providing employees with security awareness training, using endpoint security tools, and making backup copies of data.

The key is to deploy immutable backup storage. It is immutable because the data is encrypted, written once, and can never be changed. If a business has immutable storage, no one can penetrate it or overwrite it.

Connect with Allendevaux & Company and take a proactive step!
