From video games to healthcare to auto parts distributors to municipal governments, ransomware attacks are a major security issue for nearly every type of organization.
The attacks – which encrypt, block access to, or leak IP and other company information until a victim pays a fee – were already a challenge before the pandemic.
But as more people and businesses spend more of our time online than ever before, the impact of ransomware attacks is growing worse with the pandemic. Different outlets have reported that the total number of ransomware attacks is increasing, ransomware attacks are becoming more targeted, ransomware payouts are becoming steeper, or some combination of all three.
Wherever you look, the news isn’t great: a recent report found that 70% of enterprise ransomware victims have paid ransoms and estimated that ransomware attacks could net cybercriminals $20 billion in 2021.
Another troubling trend? Cybercriminals are increasingly using double extortion ransomware attacks, in which they threaten to “sell or even auction the encrypted data.”
Using RSA NetWitness Platform to prevent ransomware attacks
Cybercriminals who use ransomware want to infect as many endpoints as possible. To do that, they need to infiltrate the network, set up backdoors, harvest credentials, move laterally between users and exfiltrate data.
Each of these steps represents a key point where defenders can identify and stop an attack before it does significant damage; it’s critical that security analysts and engineers be aware of this process, as it can only take a few hours to move from one step to the next and launch an attack.
Organizations can use RSA NetWitness Platform at each of these points to protect their IP and stop a ransomware attack before it starts. The following resources explain how:
- How to Begin Looking for Malware with RSA NetWitness Platform – four-minute video detailing manual malware analysis and binary identification using RSA NetWitness Platform 11.4
- Using RSA NetWitness to Detect Ransomware Attacks – our step-by-step guide detailing how businesses can use the solution to identify anomalous behaviors and prevent successful attacks
- Detecting and Responding to a Ransomware Attack – see our infographic for steps on how to safely detect, investigate, and respond to an attack
Looking ahead
Ransomware isn’t going away: Security Boulevard reported an average 139% year-over-year growth in ransomware attacks in Q3 of 2020 compared to the same period in 2019. Cybercriminals are becoming more targeted and more sophisticated in their approach as they aim their campaigns to encrypt the highest valued assets across all sectors. The good news is that we’re still thinking of better, faster, and smarter ways to automatically respond to security incidents. Contact NetWitness to learn more.