Latest Ransomware Trends: Lessons to Learn
Learning From Difficult Recoveries and Advice in Government Alerts
… Clearly, there are no guarantees that all data will be recoverable after a ransomware attack, says Keith Fricke, principal consultant at tw-Security.
“Confidence is usually high that backed-up data can be fully restored as long as ransomware-encrypted files have not become part of the backup, attackers haven’t sabotaged backups and IT regularly monitors backups for successes and failures, correcting issues as necessary,” he notes.
In some cases in which entities paid hackers for ransomware decryption keys, however, “some encrypted files were not recoverable due to becoming corrupted,” he adds.
… Criminals often spend weeks or even months leveraging unauthorized access to internal networks to perform reconnaissance, Fricke notes.
“Learning the lay of the land helps the attackers maximize ransomware deployment,” he says. “The shorter time between unauthorized access and launching attacks may be because more organizations have improved monitoring and detection capabilities. Consequently, criminals have less time to act before being discovered and shut down.”
… To prepare to mitigate the impact of ransomware attacks, Fricke suggests that organizations consider increasing the frequency of incremental backups and outsourcing the monitoring of networks and systems. “Criminals may shift attack windows to nighttime when staff are not actively monitoring,” he notes.
… Fricke of tw-Security notes: “As long as criminals are making money from ransomware attacks, the attacks will continue and the sophistication will evolve, too.”