[Infographic: Ransomware attack statistics]
A Far Reaching Impact
Ransomware attacks have a far-reaching impact that goes well beyond the cost of paying to retrieve critical data. The latest report from IBM and the Ponemon Institute found the average cost of a data breach has risen to over $4.2 million [6]. This includes the cost of downtime, data recovery, lost business and the cost of notifying customers and implementing stronger security protocols.
How to defend against four types of ransomware attacks
Ransomware attacks have become organized crime, with ransomware gangs recruiting highly skilled hackers to deploy increasingly sophisticated attacks. Here are four bad actors that should be on your radar and how to mitigate them.
REvil
Threat report: This Russian-led ransomware gang was responsible for several high-profile ransomware attacks, including the Colonial Pipeline attack, the attack on JBS Foods and the Kaseya data breach [7]. The US Department of Justice indicted the group [8] for cybercrimes following these attacks and the alleged theft of $6 million from a cryptocurrency exchange. The REvil ransomware gang's tactics [9] include breaking into networks, exfiltrating data and even deleting and disabling data backup and recovery systems so companies are forced to pay ransom if they want to stay in business. The ransomware can even inject itself into the host’s processes to impact operations. While several members of the REvil ransomware gang were arrested in January, the ransomware itself still poses a threat.
Conti
Threat report: The Conti ransomware gang uses ransomware-as-a-service, meaning it pays other cybercriminals to gain access to networks, primarily through malicious email attachments, stolen Remote Desktop Protocol (RDP) credentials, fake software advertised online and other means [10], according to the Cybersecurity & Infrastructure Security Agency (CISA).
This Russian-based group has attacked more than 400 organizations worldwide [11]. It recently exploited the Log4Shell vulnerability [12] to gain access to servers that would have otherwise been protected. Once the ransomware attackers gain access, they steal and encrypt sensitive data, demand ransom to decrypt it and also threaten to publicly release the data, a tactic known as double extortion. Conti ransomware can also infect other machines through shared drives and stop email, security and backup services.
LockBit
Threat report: LockBit, formerly known as “ABCD ransomware” for the file extension name it uses to encrypt files [13], is another ransomware-as-a-service gang believed to be six times more active than Conti and much faster at data encryption compared to other groups [14]. The group recruits experienced penetration testers and sends them a cut of each ransomware payment. When a victim refuses to pay, LockBit steals the victim's files and uploads the data to its own blog on the dark web.
Cybersecurity expert Kaspersky and others believe it’s part of a larger family of attackers known as LockerGoga & MegaCortex. According to Kaspersky, its attacks are “self-spreading and targeted, using tools like Windows Powershell and Server Message Block to spread.”
Malicious Delete/Destructive Malware
Threat report: One common malware attack technique is to destroy data to interrupt critical services or business operations. MITRE lists many different tactics for malicious data destruction [15], including destroying files and folders, making deleted files unable to be recovered, and overwriting files.
A Carbon Black report shared in HIPAA Journal found 45% of healthcare organizations had experienced a ransomware attack that focused on data destruction in 2019.
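The bulk delete and overwrite behaviour described above is something a defender can alert on from file-audit telemetry. The following Python example is added here and is not from the original page or any product; the event tuple format, process names, window and threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

# Operations treated as destructive: deletion and overwriting (the MITRE
# data-destruction behaviours named above) plus rename, which covers
# ransomware that re-saves files under a new extension.
DESTRUCTIVE_OPS = {"delete", "overwrite", "rename"}

def detect_destruction_bursts(events, window_s=10, threshold=5):
    """Flag processes that destroy many distinct files in a short window.

    events: iterable of (timestamp_seconds, process, operation, path).
    Returns {process: timestamp at which the threshold was first reached}.
    """
    recent = defaultdict(deque)  # process -> (timestamp, path) inside window
    alerts = {}
    for ts, proc, op, path in sorted(events):
        if op not in DESTRUCTIVE_OPS:
            continue
        window = recent[proc]
        window.append((ts, path))
        # Drop operations that are older than the sliding window.
        while window and ts - window[0][0] > window_s:
            window.popleft()
        # Count distinct files so overwrite+rename of one file counts once.
        distinct_files = {p for _, p in window}
        if proc not in alerts and len(distinct_files) >= threshold:
            alerts[proc] = ts
    return alerts

# Constructed sample events (hypothetical process names and paths).
SAMPLE_EVENTS = [
    # Backup agent pruning one old archive every ten minutes: benign pace.
    (50, "backup-agent", "delete", "/backups/old-1.tar"),
    (650, "backup-agent", "delete", "/backups/old-2.tar"),
    (1250, "backup-agent", "delete", "/backups/old-3.tar"),
    # Ordinary editing activity: not a destructive operation.
    (90, "editor", "write", "/share/report.docx"),
    # User cleanup spread over two minutes: five deletes, but never a burst.
    *[(i * 30, "file-manager", "delete", f"/tmp/scratch{i}") for i in range(5)],
]
# Unknown process overwriting and renaming one file per second.
for i in range(6):
    SAMPLE_EVENTS.append((100 + i, "unknown.exe", "overwrite", f"/share/doc{i}.docx"))
    SAMPLE_EVENTS.append((100 + i, "unknown.exe", "rename", f"/share/doc{i}.docx"))

if __name__ == "__main__":
    for proc, ts in detect_destruction_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT: {proc} reached the destructive-operation threshold at t={ts}s")
```

In production the window and threshold would be tuned against the normal behaviour of backup, sync and build tools so that legitimate bulk operations are allow-listed rather than alerting.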
How to mitigate and recover from ransomware attacks
A Zero Trust security model that includes multi-factor authentication and the principle of least privilege for access to your network and your enterprise data is an important first step. CISA also recommends filtering network traffic, scanning for vulnerabilities and using detection response tools.
With ransomware attackers that focus on data destruction, backup and recovery systems are no longer enough. You need a system that eliminates data replication, ensures compatibility with object storage locations and allows you to restore files in real time.
While no single solution can guarantee protection against ransomware attacks, the best defense is to render your enterprise data unusable to attackers and enable immediate recovery of your most important files.
[1] The Record (Oct. 2021)
[2] Reuters (Dec. 2021)
[3] CRN (Dec. 2021)
[4] Bloomberg (May 2021)
[5] US Chamber of Commerce
[6] IBM and the Ponemon Institute (2022)
[7] Reuters (Oct. 2021)
[8] The Verge (Nov. 2021)
[9] MITRE
[10] Cybersecurity and Infrastructure Security Agency (Sept. 2021)
[11] Bank InfoSecurity (Sept. 2021)
[12] ThreatPost (Dec. 2021)
[13] Kaspersky
[14] Security Intelligence (Sept. 2021)
[15] MITRE