The network is the biggest ally in ransomware attacks: research
The Vectra 2019 Spotlight Report on sheds light on the dangers of ransomware
Cybercriminals’ most effective weapon in a ransomware attack is the network itself, new research by Vectra says.
By leveraging the network, cybercriminals can enable the malicious encryption of shared files on network servers, especially files stored in infrastructure-as-a-service (IaaS) cloud providers.
The Vectra 2019 Spotlight Report on Ransomware by the network threat detection and response (NDR) software vendor sought to shed light on the dangers of ransomware.
“The fallout from ransomware attacks against cloud service providers is far more devastating when the business systems of every cloud-hosted customer are encrypted,” said Chris Morales, head of security analytics at Vectra. “Today’s targeted ransomware attacks are an efficient, premeditated criminal threat with a rapid close and no middleman.”
Attackers today can easily evade network perimeter security and perform internal reconnaissance to locate and encrypt shared network files. By encrypting files that are accessed by many business applications across the network, attackers achieve an economy of scale faster and far more damaging than encrypting files on individual devices.
According to the report, recent ransomware attacks cast a wider net to ensnare cloud, data centre and enterprise infrastructures. Cybercriminals target organisations that are most likely to pay larger ransoms to regain access to files encrypted by ransomware. The cost of downtime due to operational paralysis, the inability to recover backed-up data, and reputational damage are particularly catastrophic for organisations that store their data in the cloud.
Ransomware is a fast and easy attack with a bigger payout than stealing and selling credit cards or personally identifiable information (PII), both of which have perishable values as time passes after their theft. Factor-in cryptocurrency as the ransom payment – an anonymous, hard-to-trace currency – and it’s easy to see why cybercriminals like ransomware’s clean, no-fuss business model.