Ransomware has been big news this year. In March, the REvil/Sodinokibi ransomware gang infected Acer and demanded $50 million—the highest ransom demand from any ransomware group up to that point. That same gang then turned around a month later and demanded the same ransom from Apple after it failed to coerce Quanta Computer, one of the tech giant’s business partners, into paying up.
A few more weeks went by before we learned that the DarkSide ransomware gang had struck the Colonial Pipeline Company and disrupted the flow of 100 million gallons of fuel across the eastern portion of the United States, driving up gas prices and causing panic buying. About two months after that, the REvil/Sodinokibi operation perpetrated a supply chain attack against Kaseya that affected at least one thousand companies worldwide.
These incidents, among others, have helped to elevate the status of ransomware as an international security issue. This is especially apparent in how U.S. President Joe Biden has ramped up pressure on Russian President Vladimir Putin to bring ransomware groups operating in Russia to justice. As he recounted to Reuters in early July:
“I made it very clear to him that the United States expects, when a ransomware operation is coming from his soil even though it's not sponsored by the state, we expect them to act if we give them enough information to act on who that is.”
He went on to hint that the United States might digitally retaliate if President Putin failed to cooperate and if ransomware attacks emanating from Russia continued unabated.
The attention surrounding ransomware might be unprecedented this year. But what President Biden is asking for isn’t unrealistic. Law enforcement has brought ransomware actors to justice in the past. Let’s look at a few examples:
Notwithstanding the instances discussed above, arrests and other law enforcement operations haven’t significantly affected the ransomware threat landscape. The issue is that new ransomware operations are springing up all the time. What’s more, even those groups targeted by law enforcement don’t always go away. Such was the case with Clop when it published data from two victims just days after the arrests in Ukraine, per TechCrunch.
Organizations can’t rely on police takedowns to eradicate the ransomware threat for good. Instead, they need to focus on preventing a ransomware attack. They can do this by first understanding that every ransomware attack is unique. As such, security firms might not have detection rules for every ransomware instance.
The best strategy for organizations is to prevent a ransomware attack from being successful in the first place. To do that, they need to invest in a multi-layered solution that leverages Indicators of Behavior (IOBs) to detect and prevent a ransomware attack at the earliest stages of initial ingress, prior to the exfiltration of sensitive data for double extortion, and long before the actual ransomware payload is delivered.
The Cybereason Operation-Centric approach provides the ability to detect ransomware attacks earlier based on rare or advantageous chains of malicious behavior. This is why Cybereason is undefeated in the battle against ransomware and delivers the best prevention, detection, and response capabilities on the market.
Cybereason is dedicated to teaming with defenders to end cyber attacks from endpoints to the enterprise to everywhere - including modern ransomware. Learn more about ransomware defense here or schedule a demo today to learn how your organization can benefit from an operation-centric approach to security.