The Rise Of Enterprise Ransomware


THE RISE OF ENTERPRISE RANSOMWARE
Risk exposure & strategies for mitigation
www.safe.security

SAFE SECURITY GUIDE TO ENTERPRISE RANSOMWARE

Overview

- The rise of enterprise ransomware
- Ransomware is changing
- The cost and business impact of ransomware
- Global ransomware statistics and your exposure to attack
- How to stay one step ahead of attackers with breach prediction
- How SAFE works: Beyond a score

The rise of enterprise ransomware

As ransomware becomes more sophisticated, Big Game Hunting activities have increased. Rather than synchronizing attacks on multiple organizations, cyber criminals are focusing their efforts on large companies that will yield a higher return on investment. This form of cyberattack is known as enterprise ransomware.

Enterprise ransomware is very different to its predecessors:

- It aims to destroy, not encrypt
- Data backups alone will not resolve an attack
- Company credentials and data are likely to be stolen and leaked
- Attackers aim to expose sensitive data
- Customers may be contacted directly and threatened

When attacking organizations with deeper pockets, cybercriminals seek to increase their financial gain without any increase in effort, which is why enterprise ransomware attacks are so aggressive.

[Timeline: 2005, 2006, 2008. Entries: Ransomware goes from 56-bit encryption to 660-bit RSA public key encryption; Scareware dominated by fake AV and rogue utility tools; First variants of modern ransomware appear in the wild]

The evolution of modern ransomware

[Timeline: 2009, 2010, 2013, 2014, 2015, 2016, 2017, 2018, 2019. Entries:]

- Local government pays 460K in ransom
- Over 10,000 ransomware samples
- Ransoms set to 200
- Malware evolves from pushing rogue antivirus (AV) to encrypting files
- Law enforcement imitation ransomware
- Scam program FileFix Pro extorts 40 to “help” decrypt files
- BGH targets state and local governments
- Over 4 million ransomware samples
- Ransomware-as-a-service appears
- Nation-state sponsored WannaCry and NotPetya combine worm-like techniques to spread worldwide
- TeslaCrypt appears
- Over 250,000 ransomware samples
- CryptoLocker appears
- Use of 2048-bit RSA encryption keys
- Ransomware set at 300
- Over 10,000 ransomware samples
- Birth of Bitcoin
- Screen-locking ransomware appears
- CryptoLocker revenue: 30 million in 100 days
- JavaScript ransomware appears
- Locky rise
- Hospital pays 17,000 ransom
- Emergence of big game hunting
- Ransomware revenue 1 billion

EXECUTIVE OVERVIEW

Ransomware is changing

One of the first ransomware attacks documented was the PS Cyborg. Harvard-trained evolutionary biologist Joseph L. Popp sent 20,000 infected diskettes labelled “AIDS Information – Introductory Diskettes” to attendees of the World Health Organization’s international AIDS conference.

Victims were asked to send 189 to a P.O. box in Panama to restore access to their systems.

However, ransomware as an attack vector was not common until the turn of the 21st century. The invention of cryptocurrencies, such as Bitcoin in 2010, changed everything, providing an untraceable mode of payment, and in 2011, as a result, ransomware activities escalated. Approximately 60,000 [1] new ransomware events were detected in 2011 and by 2012, the number more than doubled to over 200,000.

[1] A Brief History of Ransomware, Crowdstrike; A Brief History of Ransomware, Varonis

Traditional Ransomware Vs Enterprise Ransomware

Target
  Traditional Ransomware: Every attack targets multiple smaller organizations
  Enterprise Ransomware: Attackers target one medium to large organization at any one time

Tactics
  Traditional Ransomware: Attacks are automated
  Enterprise Ransomware: Attacks are deployed manually

Deployment
  Traditional Ransomware: Attackers aim to corrupt as many computers as possible
  Enterprise Ransomware: Each attack is highly targeted and controlled using administration tools

Timing
  Traditional Ransomware: Undertaken on an ad-hoc basis
  Enterprise Ransomware: Timed to cause maximum disruption

Ransomware
  Traditional Ransomware: WannaCry, NotPetya
  Enterprise Ransomware: BitPaymer, SamSam, Dharma

THE COST AND BUSINESS IMPACT OF RANSOMWARE

The business impact of ransomware

It is estimated that globally, a ransomware attack occurs every 11 seconds. In 2020, the FBI reported a 225% increase in losses caused by ransomware attacks in the U.S. This year, global losses as a result of ransomware damage are projected to reach 20 billion.

On average, it costs organizations US 800,00 to rectify the impact of ransomware attacks (considering downtime, people time, device cost, network cost, lost opportunity, ransom paid etc.). It is therefore not surprising that we have witnessed an increase in the number of organizations that are willing to pay a ransom in order to resume normal business activities. However, of the 32% of organizations that paid ransoms in 2021, 92% did not get their data back.

Paying ransoms can ultimately double the cost of an attack – the cost to recover data and resume normal service is likely to be the same whether the data is retrieved from cybercriminals or restored from backups.

Top 5 areas of impact following a ransomware attack

1. Loss of Business Revenue: 66% [2] of organizations reported a significant loss of revenue following a ransomware attack.
2. C-Level Talent Loss: 32% [3] of organizations reported losing C-Level talent as a direct result of ransomware attacks.
3. Brand and Reputation Damage: 53% [4] of organizations indicated that their brand and reputation were damaged as a result of a successful attack.
4. Redundancies: 29% [5] reported being forced to make redundancies due to financial pressures following a ransomware attack.
5. Business Closures: A startling 26% [6] of organizations reported that a ransomware attack forced them to close their business for some period of time.

[2, 3, 4, 5, 6] Cybereason. Ransomware: The True Cost to Business

Global ransomware statistics

The global impact of ransomware is significant. In the last year, over 50% [7] of organizations surveyed in 13 countries including the U.S., Germany, France, India and Brazil have reported a ransomware attack.

The most common sectors experiencing a ransomware event were the leisure, IT & telecoms and energy/utilities industries – each reporting over 50% of organizations with experience of an attack in 2020. [8] Other industries reporting high levels of ransomware attacks were professional services, construction, retail, financial services and manufacturing.

[Chart: Percentage of organizations hit by ransomware in the last year. Survey question: "In the last year, has your organization been hit by ransomware?" Base: 5,000 respondents. Source: The State of Ransomware 2020, Sophos]

[7, 8] Sophos (May 2020). The State of Ransomware 2020

Understand your exposure to attack

There are distinct signs that ransomware is not slowing down: we have already witnessed a 41% [9] increase in ransomware attacks since the beginning of 2021 and a 93% increase year on year.

It is critical that organizations have the empirical evidence to answer the following key questions:

- How secure are we?
- Do we know what our risks are?
- Are we appropriately allocating resources?
- Are we spending enough on cyber security?
- How are we performing compared to other organizations?
- What improvements do we need to make?

“Ransomware has evolved from an ad-hoc single attack event to planned and systematic activity taken upon by cybercriminal groups. Since it is planned, it implies that businesses can prepare to prevent it. Unfortunately, cybersecurity is very project-led and not event-led. When you ask a CISO about what their ransomware risk posture is in real-time, their answers are usually in terms of things they have done - deploying EDRs, XDRs and Firewall or being NIST compliant but the ‘So What?’ of cybersecurity remains unanswered. Knowing your enterprise’s likelihood of a ransomware breach can take you closer to an objective, unified and real time answer.”
Saket Modi, CEO and Co-Founder, Safe Security

Gartner’s analysis of clients’ ransomware preparedness shows that over 90% [10] of ransomware attacks are preventable; however, in many cases, organizations are unaware of the risks they face and the performance of their security tools.

[9] Checkpoint.com (June 2021). Ransomware attacks continue to surge
[10] Gartner (December 2019). Defend Against and Respond to Ransomware Attacks

Stay one step ahead of attackers with breach prediction

There are a host of recommendations to help protect organizations from attack, including investment in strong data backups, technology to prevent unauthorized encryption and ransomware cybersecurity insurance coverage.

It is important to implement a multi-layered approach to enhance defenses and protect data irrespective of whether it is stored on the public cloud, private cloud or on premises.

Such recommendations – although useful – are easier said than done. As organizations continue to invest in cybersecurity services that cater to different aspects of their strategy, they are struggling to ensure their investments communicate with each other and convey cyber risks across the enterprise to senior decision makers. This results in jargon-rich cybersecurity efforts which deliver a disjointed cybersecurity strategy.

The solution to achieving a predictive approach to ransomware attacks lies in an enterprise-wide breach-likelihood metric that spans all vectors including people, process, technology and third-party applications.

Enterprise wide breach likelihood
360 approach to Continuous, Dynamic & Intelligent Quantitative Cyber Risk Management

[Diagram: inputs to SAFE and outputs from SAFE]

RISK SCORE: EFFECTIVENESS & CAPABILITY MATURITY
Breach Likelihood per Employee, Hybrid Asset, LoB/Crown Jewels and 1st/3rd Parties with 5-level CMMC Mapping of 17 Domains

Inputs to SAFE

- PEOPLE: Driving the Security Culture
- POLICY: CyberSecurity Intent & Governance
- THIRD PARTY: Continuous Third Party Risk Management (TPRM)
- CYBERSECURITY PRODUCTS: CyberSecurity Controls Framework & Tools
- TECHNOLOGY: Resiliency of your Hybrid Tech Stack

Outputs from SAFE

- RISK & CYBER INSURANCE: Analyse risk you are sitting on and how your cyber insurance value can vary based on your SAFE score
- CONTINUOUS COMPLIANCE: How Comprehensive is your cybersecurity compliance coverage
- ATT&CK & HACK SIMULATION: Att&ck Matrix and a simulation of recent Hacks to view how SAFE you are?
- REPORTING & ACTIONABLE INSIGHTS: View what’s going well and what and where can controls be improvised

Beyond a score: How does SAFE work?

The solution to having a predictive approach to ransomware attacks lies in knowing an enterprise-wide breach likelihood metric. This metric should span across all vectors of people, process, technology and third-party. The individual cybersecurity products for these vectors give signals that are aggregated together. Using real-time machine learning-enabled risk quantification, a ransomware breach likelihood score is generated for every employee, endpoint, cloud asset, business unit and more.

Safe Security’s unique approach predicts where cyber breaches may occur and delivers prioritized, actionable insights through three main deliverables:

1. Real time visibility of exposure to an attack through a single pane of glass view of your security status
2. Assessment of an organization’s ability to manage, measure and mitigate ransomware threats across the entire security stack
3. Documented evidence collated and prioritized in a single report to help teams communicate the specific cyber risks facing their business

To understand your breach likelihood and learn more about our approach to improving your security posture, get in touch today.
www.safe.security


www.safe.security
info@safe.security
Stanford Research Park, 3260 Hillview Avenue, Palo Alto, CA - 94304
