There have been a lot of changes in ransomware over time. We want to help you protect your organization from this growing attack trend.
The Colonial Pipeline ransomware attack is just part of a new onslaught of ransomware attacks that malicious actors are ramping up against high value victims. Why are we seeing this?
These malicious actors are after extortion money, and as such they are looking to target organizations that are more likely to pay if they can disrupt their business operations. In the past we saw this with targeting of government and education victims. The more pain that these actors can cause an organization, the more likely they will receive an extortion payment.
Ransomware attacks have gone through many iterations and we’re now seeing phase 4 of these types of attacks. To give you context, here are the four phases of ransomware:
The majority of the time now we’re seeing a double extortion model, but the main shift we’re now seeing is the targeting of critical business systems. In this latest case, it does not appear that OT systems were affected but the IT systems associated with the network were likely targeted.
That may change though as many organizations have an OT network that is critical to their operations and could become a target. In this blog post we highlighted how manufacturers are being targeted with modern ransomware and the associated impact.
Taking down the systems that run an organization’s day-to-day business operations can cause financial and reputation damage.
But there could also be unintended consequences of going after victims that are too high profile, and this latest might be one example of this. Bringing down a major piece of critical infrastructure for a nation, even if the motive is only financial gain, might incur major actions against the actors behind this attack. So in the future, malicious actors may need to assess the potential ramifications of their target victim and decide if it makes good business sense to commence with an attack.
We will continue to see ransomware used in the future, and as such organizations need to take the time to put in place an incident response plan focused on the new model of ransomware attacks. Some things to think about as you go about this:
For those organizations who have OT networks some key things to think about:
This latest attack is another call to action for all organizations to harden their networks against attacks and improve their visibility that malicious actors are in your network. Trend Micro has a multi-layered cybersecurity platform that can help improve your detection and response against the latest ransomware attacks and improve your visibility. Check out our Trend Micro Vision One platform or give us a call to discuss how we can help.