Ransomware: Looking beyond endpoint protection

The last year has been one of the most active in the previous decade in cybersecurity. More than 1,000 data breaches took place in the United States alone, with a total of 155 million individuals impacted by data exposures, according to Statista. But when it comes to ransomware, the data on this insidious type of cyberattack is even more alarming.


Botnet attacks once ruled the threat landscape as the preferred method for threat actors to cash in, but ransomware quickly took its place. Data from Bitdefender’s Mid-Year Threat Landscape Report 2020 points to a 715 percent increase in ransomware attacks in 2020 globally. Email phishing campaigns, remote desktop protocol vulnerabilities, and software flaws are the most common means of infection.


What’s led to this distressing increase, and what can modern-day security professionals do to protect the business? The answer isn’t found on the endpoint.


The perfect storm: The 2020 threat landscape

First, let’s put the threat landscape into context when it comes to the events of the last 15 months. Yes, 2019 was a year for the record books regarding ransomware, especially considering that more than 900 U.S. government agencies fell victim to attacks. But the COVID-19 pandemic is what really put organizations into a tailspin in 2020, says Vinay Pidathala, director of security research at Menlo Labs.


“The rise of ransomware in 2020 can really be attributed to a culmination of things,” Pidathala says. “You have a sudden change in which organizations moved to remote workforces worldwide. Employees are also adjusting to working from home while balancing other duties at the same time, like taking care of their kids and household chores.”


These abrupt changes had a significant impact on employee awareness. People working remotely used the Internet carelessly and paid too little attention to the barrage of incoming emails, risky behavior that could be costly for businesses.


“User awareness really took a hit,” Pidathala says. “Challenges were also presented when it comes to endpoints. In many cases, personal laptops are being used to conduct work, and…


Ransomware on the Rise, Organizations Doing Better at Detecting Intrusions – MeriTalk

Organizations that suffered intrusions detected more security incidents themselves last year, a positive trend in the cybersecurity sector as cyber threat actors increasingly exploit the remote work setup, a 2021 trends report by FireEye and Mandiant, both cybersecurity firms, found.

The report also found that ransomware has become a “multifaceted extortion” scheme, identified a financial cyber threat group, and detailed how Mandiant worked with law enforcement after finding the initial SolarWinds Orion intrusion.

“Security practitioners faced a series of challenges in this past year which forced organizations into uncharted waters. As ransomware operators were attacking state and municipal networks alongside hospitals and schools, a global pandemic response to COVID-19 necessitated a move to remote work for a significant portion of the economy. Organizations had to adopt new technologies and quickly scale outside of their normal growth plans,” the report says.

“As organizations settled into a new understanding of ‘normal,’ UNC2452, a suspected nation-state threat actor, conducted one of the most advanced cyber espionage campaigns in recent history,” the report continues. “Many security teams were forced to suspend wide-ranging analyses around the adoption of remote work policies and instead focus on a supply chain attack from a trusted platform.”

In addition to naming UNC2452, the report also names FIN11 as a threat actor to be aware of. FIN11 is a financially motivated group, suspected of committing “widespread phishing operations” and “several multifaceted extortion operations.”

On a positive note, the report finds that 59 percent of the intrusions Mandiant investigated were self-reported by the organizations experiencing the intrusion, a reported 12 percent increase from the year before.



Will FinCEN’s Crypto Conundrum Hurt Ransomware Victims?


Ransomware was invented 30 years ago when an AIDS researcher mailed between 10 and 20 thousand 5.25-inch floppy disks emblazoned with the name “AIDS Information Version 2.0” to people and businesses around the world. Over the past 30 years, much has changed, including our use of computers, which now, instead of being attached to cathode ray television sets, fit into our pockets. The trajectory, from floppy disks in the ’80s to e-commerce by the early 2000s, has culminated in the minting of digital money. Since then, as the use of cryptocurrency has grown, other industries have grown with it. One industry, often overlooked, is ransomware. Ransomware is a plague on businesses worldwide. Indeed, the U.S. government recommends not paying these ransoms. New guidance, however, issued by the Financial Crimes Enforcement Network (“FinCEN”) to the industry in late 2020, takes this too far; it threatens to impose sanctions on the insurance industry that has bloomed around cyber crime and will likely hurt the victims, not the criminals.

Ransomware is Everywhere

“Today, ransomware is a booming business for cyber criminals, making cyber insurance a business imperative,” says Bridget Choi, the General Counsel of Kivu Consulting, a digital forensic-incident response (“DFIR”) firm, who leads their regulatory program. “Since the boom, cyber insurance has become a billion-dollar industry.” Originally designed to be a risk transfer should a network go down and a business lose revenue, cyber insurance is now frequently used to protect against and respond to ransomware attacks. And cyber insurance claims happen to be an excellent metric for tracking these cyber-attacks. “As recently as 2013, the large cyber-claims were typically well-known data or payment card data security breaches,” explains Choi. “With the growth of digital payments and cryptocurrency, the cyber threat landscape has changed.” Indeed, the FBI estimates that “$144.35 million in Bitcoin have been paid” for ransomware attacks between 2013 and 2019. Estimates for ransomware payments for 2020—based in part on the surge in remote work spurred by COVID-19—reached…