Dirk Schrader (CISSP/CISM)
Global VP of Marketing
NNT - New Net Technologies

The news and magazines have been filled with stories about ransomware attacks on critical elements of our daily life and supply chains. The attacks on Colonial Pipeline (hampering the oil & gas supply) and JBS (endangering the food supply chain) were only the tip of the iceberg.

And yes, there have been some promising activities and successes in recent weeks from governments and law enforcement agencies (LEAs) across the globe related to ransomware, its eco-system and the priority now assigned to it by the authorities. One might say, finally.

These activities include top tech firms, administrations, and LEAs intensifying their cooperation to disrupt cybercriminal ransomware gangs by limiting their ability to get paid and by targeting the individuals and finances of the organized thieves behind these crimes. A new framework addressing ransomware risks has been drafted by NIST.

All of these efforts are needed and long awaited, and they will help to dry out the ransomware eco-system in the long run.

There will of course be setbacks as well, when certain ransomware infrastructure and technology re-emerges, as was the case with Emotet. This is one of the indicators that ransomware as a dominant cyber security threat is far from a solved problem.

Ransomware attacks have evolved over time, from a ‘hit-and-run’-style attack to well-crafted playbooks using ‘breach, explore, extract, encrypt, offer’ as the new mode of operation. The ‘explore’ and the ‘offer’ elements will evolve further in the future, because the data the attackers search for always holds the promise of value to be leveraged.

Production data, for example the way a certain type of high-quality steel is manufactured, or the settings and measures in place to control the processes in a chemical plant, are all elements of a company’s intellectual property and therefore a target of leverage and value. Encrypting the devices that control these processes is certainly one aspect of the expanded ransomware eco-system. But that eco-system has more variants that promise gains for attackers, and the arms race initiated by the recent activities will in some ways determine which ones emerge as preferred.

For companies and organizations, especially those in the critical infrastructure space or operating essential supply chains, it is not the time to relax or to lower their guard. There is too much money on the table for the attackers to simply leave the game.

And there is still much to do.

A new facet of ransomware attacks appears to have established itself, born out of an ‘abundance of caution’. Companies detecting a suspected ransomware attack are opting to shut down entire global IP networks early to prevent any serious harm. It seems that organizations lack confidence in their ability to detect and scope a potential attack, leading to drastic, and often unnecessary, wholesale action in response, which only increases the stakes and adds to the pressure.

Security professionals have all heard the statement ‘we operate a rather flat network’ and faced the issue of managing and improving the security of such a setup with limited resources. It is also an indicator that the old ‘fortify the perimeter’ paradigm is still widely in use. Whatever the case, organizations should have mechanisms in place for rapid detection of unexpected changes within their infrastructure, as the ultimate early detection mechanism in any malware attack. The early steps of the cyber kill chain are a good example of where organizations should look if they want to protect themselves from ransomware. They should answer questions like:

  • how to limit ‘Reconnaissance’ on our infrastructure, since that information can be used to ‘Weaponize’ the attack,
  • how to inhibit ‘Delivery’ of malware to our infrastructure and reduce the attack surface for ‘Exploitation’, and
  • how to detect any ‘Installation’, i.e. any file dropped on a device, which is an unwanted change to the system’s status and integrity.

Security controls and security workflows, orchestrated in a way that reduces an organization’s exposure and helps to detect malicious changes, are therefore essential to combat the heightened ransomware threat.

Change control operated under a SecureOps strategy provides visibility and validation of all changes within an organization’s tool chain and workflow. Enhanced control of change guards against ransomware, providing crucial, early breach detection and a forensic audit trail to expose the spread of compromise. If recent events have taught us anything, it should be that now is the time to expect a cyber attack to be successful and to think more about how it would be detected and how damage could be limited. This is the thinking behind the modern cyber security mindset of cyber resilience, the only way to be ready for ransomware in 2021.
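To make the ‘detect unexpected changes’ principle concrete, here is an added, self-contained example that is not NNT’s Change Tracker nor any code from the original article: it baselines a directory tree (SHA-256, size and permission bits per file), re-scans it, classifies every difference as added, removed or modified, and emits one structured event per change for a SIEM. The scenario in demo() is constructed in a temporary directory and simulates the ‘Installation’ step: a binary dropped, a configuration edited, a permission change with no content change, and a file deleted. Paths, host name and file contents are illustrative assumptions.

```python
"""File-integrity baseline and change detection (added example, not NNT code)."""
import hashlib
import os
import stat
import tempfile
from pathlib import Path
from typing import Dict, List


def file_record(path: Path) -> Dict[str, object]:
    """Hash the contents and capture attributes a dropper or tampering would disturb."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    st = path.stat()
    return {
        "sha256": digest.hexdigest(),
        "size": st.st_size,
        "mode": stat.S_IMODE(st.st_mode),  # permission bits only (setuid etc. included)
    }


def build_baseline(root: Path) -> Dict[str, Dict[str, object]]:
    """Walk the tree and record every regular file keyed by its POSIX-style relative path."""
    baseline: Dict[str, Dict[str, object]] = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue  # symlinks and special files are out of scope here
            baseline[p.relative_to(root).as_posix()] = file_record(p)
    return baseline


def compare(baseline: Dict[str, Dict[str, object]],
            current: Dict[str, Dict[str, object]]) -> Dict[str, List[str]]:
    """Classify every difference between two scans as added, removed or modified."""
    known = set(baseline)
    seen = set(current)
    return {
        "added": sorted(seen - known),
        "removed": sorted(known - seen),
        # a change in hash, size OR mode counts: a chmod alone is a change worth seeing
        "modified": sorted(k for k in known & seen if baseline[k] != current[k]),
    }


def changes_to_events(changes: Dict[str, List[str]], host: str = "host01") -> List[Dict[str, str]]:
    """One structured event per change, the shape a SIEM or log tracker would ingest."""
    events = []
    for kind in ("added", "removed", "modified"):
        for rel in changes[kind]:
            events.append({"host": host, "path": rel, "change": kind})
    return events


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: baseline a small tree, then simulate an 'Installation' step."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        (root / "bin" / "svc").write_bytes(b"#!/bin/sh\necho service\n")
        (root / "etc" / "app.conf").write_text("listen=127.0.0.1\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        os.chmod(root / "etc" / "hosts", 0o644)
        baseline = build_baseline(root)

        # Simulated attacker activity (constructed, not a real payload):
        (root / "bin" / "updater.exe").write_bytes(b"MZ\x90\x00 constructed stub")  # dropped file
        (root / "etc" / "app.conf").write_text("listen=0.0.0.0\n")                  # config edited
        os.chmod(root / "etc" / "hosts", 0o600)                                     # mode-only change
        (root / "bin" / "svc").unlink()                                             # file removed

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    result = demo()
    for event in changes_to_events(result):
        print(event)
```

In a real deployment the baseline would be stored off-host and the scan scheduled or driven by file-system notifications; the point here is that an unexpected entry in ‘added’ or ‘modified’ is available long before any encryption starts, and the event list doubles as the forensic trail of what changed where.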

SecureOps™ and NNT's Change Tracker are your guards against ransomware, and they will also help you in many more aspects of cyber resilience.

The Most Powerful & Reliable Cybersecurity Products


Change Tracker Gen 7R2: Complete configuration and system integrity assurance combined with the most comprehensive and intelligent change control solution available.


Fast Cloud: Leverage the world’s largest whitelist repository to automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology)


Vulnerability Tracker: The world’s only limitless and unrestricted vulnerability scanning solution with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.


Log Tracker: Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds

Copyright 2024, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.