Ransomware has surged, despite aggressive defenses, because it’s a profitable enterprise where opportunity is limitless.
As the number of endpoints around the world continue to multiply, ransomware gangs simply have too many choice targets in front of them. It’s the job of enterprises to make sure they don’t fall victim to ransomware and to make the landscape less profitable for the bad guys. This article is about how to do that using a context-sensitive defense.
Ransomware, Inc.
The ransomware business is so profitable that threat actors have created their own business models by renting access to do-it-yourself ransomware kits to those willing to pay top price. Consider groups such as Black Basta, LockBit, Royal and Scattered Spider, all of whom have increased their profitability through the ransomware as a service.
Matt Hickey, vice president of sales engineering at Sophos, said ransomware attacks are no longer just about ransomware: “They're actually holding your data hostage, and they’ll threaten to release it if you don't pay by a specific time. We saw that happen with MGM, where they said we're not going to pay the ransom, and they paid a heavy price for it.”
Fighting back with a context-sensitive endpoint defense
Hickey contends that context-sensitive defense can play a significant role in protecting data and systems from all of these attacks.
Context-sensitive defense provides a comprehensive and adaptive way to combat ransomware attacks. With context-sensitive defense, there’s threat exposure reduction, deep learning anti-malware protection, and comprehensive anti-ransomware and anti-exploit capabilities. One of the key components of context-sensitive defense is the adaptive nature of endpoint security that can automatically apply more aggressive protection when a device is under attack.
Traditional security technologies often fail to protect endpoints due to their limited ability to adapt to evolving attack techniques. Context-sensitive defense addresses this limitation by aggregating and analyzing data from various sources, including endpoints, firewalls, authentication systems, SIEMs, threat databases, network logs, and anti-malware and anti-ransomware systems. By drawing upon these data sources, the system generates a contextually rich threat response in real time, enabling security teams to respond to ransomware threats with a higher degree of accuracy and speed.
In the face of resource limitations, context-sensitive defense provides small security teams with the capability to mount a better defense against ransomware attacks as well. By automating the response based on available security data, this approach helps mitigate legal and financial risks, safeguard sensitive data, and fortify overall cybersecurity measures against ransomware attacks, even for resource-strapped businesses. This way, security teams can respond to ransomware attacks more quickly, and with a higher degree of accuracy, and ultimately prevent or at least contain such attacks.
An automated ransomware defense
There are a couple of crucial aspects to a context-sensitive defense. The first is the automated component, which applies more aggressive protection to a device being targeted by a “hands-on-keyboard” attack: activities that involve remote admin tools, untrusted executables or booting a machine in Safe Mode. The automated response of context-sensitive defenses will slow the attacker down, which is crucial for giving incident responders a chance to investigate what’s happening.
That brings us to the other action, or the critical attack warning aspect of context-sensitive defense. While detecting and disrupting attacks on individual devices, a critical attack warning is sent out to security and operations teams via email or push notifications. The notification informs them of the attack in progress. The warning provides these teams with a comprehensive summary of the threat activity, as well as risk score that estimates the attack severity, and detailed information on which devices are involved in the attack. They can then isolate these devices from the network immediately, preventing the attacker from gaining a foothold.
It's in these ways that context-sensitive defense significantly improves the response to ransomware attacks by applying proactive protection, adapting and automating endpoint security response, and aggregating and analyzing data from various sources in real time.