It’s hard to believe that ransomware was slowly paling into insignificance a few quarters ago. The cyber industry had got better at tracking it and nipping it early, and enterprises pushed for better host security: patching, preventing the ‘calls’ that trigger the most dangerous executables and, of course, enabling the decent built-in MS controls. All of this went a long way towards stopping ransomware.
It only took one or two anomalies to trigger a resurgence in criminal activity; one or two anomalies would be enough to divert the attention of malware creators worldwide and make them double down on the lucrative returns ransomware offers. The Pipeline wasn’t the anomaly; the anomaly was the period between Feb-July 2020 (the C-19 timeline). The Pipeline was the tip of the iceberg - there was plenty of reported and unreported activity spiking ransomware before American fuel was in the headlines.
Should paying for ransomware be illegal? Maybe. Would it further drive the disclosure and payment systems underground? Also maybe. The double and triple extortion methods recently employed by the organised groups behind ransomware simply highlight the entrepreneurial aspirations behind this lucrative business. I think it’s here to stay: the malware writers are getting better, and the payload aversion will naturally get smarter.
The advice I’m currently giving myself:
- Patch relentlessly
- Back-up the back-ups (offline)
- Use plain text email, don’t accept attachments
- Keep thinking about lateral movement (and how to stop it).
- If I had a business – EDR + Browser Isolation Technology + a sandbox for every attachment.