The onslaught of ransomware attacks has continued unabated, with a sevenfold increase in ransomware activity in the second half of 2020 over the first half of the year, according to the latest report from FortiGuard Labs.
Perhaps even more troubling is that cybercriminals have turned ransomware into a booming business, complete with help desk support for hapless victims.
“The newest ransom notes that we’re seeing in these targeted attacks are setting up channels to live chat support,” said Derek Manky, chief of security insights and global threat alliances at Fortinet Inc.’s FortiGuard Labs. “The victim would log in and actually talk directly live to the cybercriminal or one of their associates to be able to negotiate the ransom. They have a whole business strategy and plan in mind.”
Manky spoke with Lisa Martin, host of SiliconANGLE Media’s livestreaming video studio theCUBE. They discussed the lucrative state of ransomware attacks, what criminals are looking for, and ways that organizations can guard against a breach. (* Disclosure below.)
Highly profitable attacks
That ransomware attacks have reached a point where the criminals running them resemble sophisticated corporations should come as no surprise. Ransomware has become a big business.
“In one of the cases we worked on, they were making over $60 million in three months,” Manky noted. “They know there’s high stakes, so they are demanding high returns in terms of ransom.”
FortiGuard Labs’ report found that heavily targeted sectors included healthcare, professional and consumer services firms, public sector organizations, and financial services companies. In July, just under 2,300 devices were impacted by ransomware per day. By December, that number had skyrocketed to a daily infection rate of 17,200.
“The targeted attacks are more about execution,” Manky said. “They are doing more in terms of reconnaissance; they are spending more investment on weaponization, how they can actually get into the system, how they can remain undetected. They are going after intellectual property, things like source code and personally identifiable information.”
How can organizations avoid falling victim to these attacks? Multifactor authentication, patch management and use of network solutions for endpoint detection and response are always a good idea, according to Manky. But there is still the human element, when one person clicks on a malicious link.
“Start with the people,” Manky advised. “Humans are still often the weakest link in terms of education. You wouldn’t just invite a stranger into your house to open a package that you didn’t order, but people are doing this a lot of the time with email.”
(* Disclosure: Fortinet Inc. sponsored this segment of theCUBE. Neither Fortinet nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)