Ransomware, Variants, Snipers & Kung Fu

The 2018 SonicWall Cyber Threat Report reported a 71.2 percent decline in the number of ransomware attacks, but a 101.2 percent increase in the number of ransomware variants. Let me ask you, is this good news or bad?

If this was a military battle, would you celebrate the news the enemy reduced the number of machine guns by nearly three quarters but doubled the number of snipers? Perhaps, but now you’d have to keep your head lower and stay out of sight.

2016 saw a flood of “spray-and-pray” ransomware attacks as hackers were taking advantage of soft defenses and low levels of employee awareness. In fact, in 2016 SonicWall blocked nearly 640 million ransomware attacks; that was over 1,200 ransoms not seen (or paid) each minute.

Because of this intense pressure, organizations around the globe bolstered their defenses and education efforts. Simply put, we got tired of getting beat up for our lunch money and took Kung-Fu lessons.

Attackers retool ransomware strategies

In 2017, attackers retooled with new exploits. From that, WannaCry, NotPetya and Bad Rabbit were born. Each was designed to be a malware cocktail that infected a system and then moved on to the rest of the network through shared drives. But these are just three of the 2,855 variants SonicWall created defenses for in 2017 alone.

With these new malware cocktails in the wild, threat actors targeted specific roles within companies through social engineering. Instead of annoying thousands of people with small ransom demands that had a shrinking chance of being paid, many switched to hard-hitting attacks with larger demands.

[Figure: Unique Ransomware Signatures]

One such instance was the city of Atlanta, where the SamSam ransomware variant affected five out of 13 city departments and shut down systems for 10 days. Fortunately, the $51,000 ransom went unpaid but the damages to systems, lost files and productivity far outweigh the demand.

How to stop ransomware attacks, avoid ransom payouts

So, what can we do in this period of the threat landscape? Employee awareness for social engineering attacks (e.g., phishing attempts) still needs to drastically improve. Strong password hygiene also needs to be in place to block attacks like SamSam that work off of guessed passwords.

From there, we need ransomware protection technology in place that stops attacks. Here are two core technologies you may not have thought of recently:

  1. Implement a network sandbox that can identify and stop unknown attacks.

    A network sandbox is an isolated environment on the firewall that runs files to monitor their behavior. SonicWall Capture Advanced Threat Protection (ATP) is a multi-engine sandbox service that holds suspicious files at the gateway until a verdict can be achieved.

    Capture ATP also features Real-Time Deep Memory Inspection™ (RTDMI). RTDMI is a memory-based malware analysis engine that catches more malware, and faster, than behavior-based sandboxing methods. It also delivers a lower false-positive rate to improve security and the end-user experience. Learn about its ability to find and block malicious PDFs and Office documents.

  2. Use advanced endpoint client security

    For years, companies deployed traditional anti-virus (AV) on their computers, which was fine when the total number of signatures they had to write and update numbered in the hundreds of thousands. Last year, SonicWall discovered 58 million new forms of malware that take time to signature and push to defense points like firewalls.

    Even if these are pushed within 24 hours, it leaves a gap that new and advanced malware can walk right through. I recommend using a next-generation anti-virus (NGAV) solution that can monitor the behavior of a system to look for malicious activities, such as the unauthorized encryption of your files. For example, SonicWall Capture Client delivers advanced malware protection and additional security synergies for SonicWall firewall users.
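To make the behavior-monitoring idea concrete, here is an added example (not SonicWall's code, and not a description of how Capture Client works): a simplified heuristic that flags a burst of files rewritten from low-entropy to high-entropy content, which is what bulk encryption of documents looks like. The event format, thresholds and sample data are constructed assumptions.

```python
import math
from collections import Counter, deque

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: roughly 4-5 for text, close to 8 for ciphertext or archives."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def find_encryption_bursts(events, window=30.0, min_files=3, high=7.5):
    """Return (start, end, paths) for each burst in which at least `min_files`
    distinct files went from low-entropy to high-entropy content in `window` s.

    events: iterable of (timestamp, path, old_bytes, new_bytes), sorted by time.
    Files that were already high-entropy (archives, media) are ignored, so
    re-saving a .zip is not counted as evidence of encryption.
    """
    recent = deque()  # (timestamp, path) of suspicious rewrites still in window
    alerts = []
    for ts, path, old, new in events:
        if shannon_entropy(old) < high <= shannon_entropy(new):
            recent.append((ts, path))
        while recent and ts - recent[0][0] > window:
            recent.popleft()
        paths = {p for _, p in recent}
        if len(paths) >= min_files:
            alerts.append((recent[0][0], ts, sorted(paths)))
            recent.clear()
    return alerts

# Constructed sample data (hypothetical paths, synthetic contents).
TEXT = b"Quarterly revenue summary, draft 3. " * 40
RANDOMISH = bytes(range(256)) * 8  # stand-in for ciphertext: exactly 8 bits/byte

SAMPLE_EVENTS = [
    (0.0, "docs/a.docx", TEXT, TEXT + b"edit"),         # ordinary save
    (5.0, "backup/x.zip", RANDOMISH, RANDOMISH[::-1]),  # already high entropy
    (100.0, "docs/a.docx", TEXT, RANDOMISH),
    (101.0, "docs/b.xlsx", TEXT, RANDOMISH),
    (102.5, "docs/c.pdf", TEXT, RANDOMISH),
    (400.0, "docs/d.txt", TEXT, RANDOMISH),             # single file, below min_files
]

if __name__ == "__main__":
    for start, end, paths in find_encryption_bursts(SAMPLE_EVENTS):
        print(f"possible mass encryption {start}-{end}s: {paths}")
```

Unlike a signature, this check needs no prior knowledge of the variant, which is why behavior-based detection helps cover the window before a signature is written and pushed.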

On top of these two new forms of technology, please follow best practices when securing and managing your networks, such as network segmentation.

Download the 2018 SonicWall Cyber Threat Report

The cyber arms race is a challenge we face together. And it’s the core reason we’re committed to passing our findings, intelligence, analysis and research to the global public via the SonicWall 2018 Cyber Threat Report.

SonicWall CEO Bill Conner Joins Cyber Security Panel on Capitol Hill

Cybercrime is a lucrative and booming industry, with recent reports estimating $600 billion in damages to businesses. With the introduction of innovative cyber security technologies and new cyber attack variants, the race is on for private and public organizations to arm themselves for a battle that is being waged in a dynamic threat landscape.

On March 6, cyber security experts and policymakers will come together in a panel discussion to address the current threat landscape and its impact on the U.S. economy. Featuring Congressman Lamar Smith, SonicWall CEO Bill Conner and the Honorable Secretary Michael Chertoff, the panel will foster dialogues that focus on the preventative measures organizations should take to thwart cyber attacks, as well as the joint efforts of government and law enforcement agencies combatting modern-day cyber attacks, cybercriminals and threat actors.

Preceding the event, Conner and Chertoff penned an opinion piece, “SEC, Congress take steps toward cyber accountability and transparency,” on The Hill.

“Cyber risk affects virtually every kind of enterprise. It is not a matter of if, but when,” they wrote on The Hill. “Companies should start with the presumption that they will be attacked and have a comprehensive incident response plan in place. An incident response plan should include a consumer notification process especially when sensitive data such as Social Security numbers and financial information is corrupted.”

Event: Cybersecurity Panel Discussion – 2018 SonicWall Cyber Threat Report
Date: Tuesday, March 6, 12:30 p.m. EST
Location: Committee Room 2325, Rayburn House Office Building, Washington D.C.
Panel:

  • Chairman Lamar Smith, Congressman, 21st Congressional District of Texas
  • Honorable Secretary Michael Chertoff, former head of the U.S. Department of Homeland Security
  • Bill Conner, President and CEO, SonicWall
  • Michael Crean, CEO, Solutions Granted

The panel also will leverage and discuss the findings and intelligence from the 2018 SonicWall Cyber Threat Report, which provides key advances for the security industry and cybercriminals; exclusive data on the 2017 threat landscape; cyber security predictions for 2018; and cyber security guidelines and best practices.
