Ransomware-as-a-service: A new business model for cybercriminals

The sale of ransomware secrets creates an explosion of cyberattacks

June 2, 2022

Ransomware has become the most significant cybersecurity threat today, affecting large multinational organizations and the smallest of entities. Ransomware attacks are a low-risk, high-reward opportunity for criminals, as little effort is required to access sensitive information and demand bounties that can cause extensive harm to businesses, especially small- to medium-sized companies.

The RSM US Middle Market Business Index 2022 Cybersecurity Special Report found that 41% of middle market executives know of a company targeted by a ransomware attack, and 23% of executives experienced an attack themselves in 2021. In the current environment, inaction is not an option, and companies must take proactive steps to address expanding and evolving ransomware risks.

Adding to the evolving threat landscape, cybercriminals have taken advantage of the exponential growth of ransomware-as-a-service (RaaS), a service model where sophisticated threat actors develop and sell ransomware platforms to other threat actors. Now, cybercriminals no longer need to be highly technical to launch a cyberattack on an organization, so potentially lucrative ransomware attacks are rapidly increasing.

How does the RaaS model work?

The RaaS model provides the purchaser with extensive training, reference materials and malicious code that can be used to launch a ransomware attack. Here are some key takeaways for understanding how RaaS works.

RaaS providers typically use several different purchase models

  • Subscription: The RaaS provider receives a predetermined cryptocurrency payment for a finite period of usage.
  • Affiliate: The RaaS provider receives a recurring fee plus a percentage of the ransom payment.
  • Purchase: The RaaS provider sells the kit to the purchaser.

The attacks leverage well-established hacking tools (e.g., Mimikatz), while employing current vulnerability and penetration testing tools (e.g., Cobalt Strike). These attacks are designed to not only exploit well-known, existing vulnerabilities but also take advantage of new zero-day vulnerabilities. Threat actors have developed elaborate social engineering and intelligence-gathering methods to cause significant devastation for a victim when a ransomware attack is launched.

How to protect your organization from ransomware attacks

The reality is that ransomware will continue to be an ongoing threat to organizations, and there is no way to completely remove the risks. However, the following actions can help reduce the potential success of an attack.

Stay informed about new vulnerabilities

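The National Institute of Standards and Technology (NIST) published information to help defend against threats and recover from potential ransomware attacks. In addition, US-CERT-CISA regularly posts updates on new vulnerabilities and trends in attacker tactics, techniques and procedures (TTP).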

Ensure you have backups

It is important to have backups not just for business continuity and disaster recovery, but also to be able to restore critical data if a ransomware attack occurs. The trusted, age-old 3-2-1 backup rule will help protect backups from attackers. Don't forget, attackers also work nights, weekends and holidays, so you should back up regularly and frequently.

Implement advanced endpoint detection and antivirus protection

While attackers use established TTPs, they are also attacking new vulnerabilities and constantly updating their tool sets. Have a robust and properly configured defense system in place to identify and minimize potential attacks before they gain traction and affect your environment.

Have an incident response plan

Develop a strategy that outlines how your organization will respond if you suffer an attack. A ransomware situation is a chaotic event; the longer it takes you to respond to an attack, the higher the cost will be. Ransomware has always been a problem, but the rapidly changing threat landscape is increasingly affecting companies of all types and sizes. Every organization should create a security approach that includes strategies to both prevent and remediate ransomware attacks. A strong security plan can limit financial exposure and reduce downtime.
