Ransomware Threat Intel: You’re Soaking In It!

Ransomware is the preeminent cyber threat facing both public and private sector organizations. By one estimate, around four in 10 organizations experienced a ransomware attack in the last two years. Moreover, the stakes of ransomware incidents have risen right along with their frequency. Today’s ransomware attacks are complex feats of extortion that combine data theft, malware deployment, denial of service, and other techniques. Ransomware attacks have been linked to disruption of critical infrastructure, from hospitals to gas distribution pipelines.

Tackling ransomware threats is a top priority for both law enforcement and private sector security firms. The recent attacks affecting critical infrastructure in the US inject urgency into the government’s response to the ransomware threat.

For example, following the attack on the Colonial Pipeline, servers and bitcoin wallets used by the DarkSide ransomware group and its affiliates were seized and disabled, forcing the group to cease operations. At the same time, the Biden administration rallied like-minded countries to its Counter Ransomware Initiative (CRI) to work on improving cross-border coordination in areas like criminal investigations and prosecution as well as diplomatic cooperation.

The bad news: Neither stepped-up response nor better international cooperation will make the ransomware problem disappear. Organizations need to improve their ability to detect and prevent emerging ransomware attacks. To quote Chief Brody from the movie Jaws, “You’re gonna need a bigger boat” to stop ransomware, or at least a different boat. So, what does this new ransomware-catching boat look like? Here are some thoughts.

Quality Threat Intelligence Is Key

Ransomware is too diverse a threat to succumb to any “silver bullet” security solution. To stop ransomware, organizations must first develop an in-depth understanding of the tooling, capabilities, and behaviors of ransomware groups likely to target them. To get to this level of understanding, your organization needs up-to-date threat intelligence.

What constitutes ransomware threat intelligence? It can be strategic, tactical, or operational. Ideally, you will use some of each. Strategic…