

By Rick McElroy, Principal Cybersecurity Strategist, VMware


Ransomware made mainstream news when the cybercriminal group DarkSide launched an attack on U.S. fuel company Colonial Pipeline, which carries nearly half the fuel consumed along the U.S. East Coast. The disruption of critical infrastructure and the impact on our daily lives was a sobering reminder of the havoc that a successful cyberattack can wreak.

While its scale and impact grabbed headlines, this attack is only symptomatic of a dramatic resurgence in ransomware campaigns over the past year. Alongside an increase in the number of attacks, VMware found ransomware groups are becoming even more organized and sophisticated, while the rise in ransomware-as-a-service is enabling a much broader cybercriminal base to execute attacks using existing tools.

Understandably, this adds to the pressure already felt by CISOs, who are defending a more distributed environment than ever before.

Ransomware is a leading cause of security breaches worldwide

VMware surveyed 3,542 CISOs across 14 countries for its recently published Global Security Insights report and found ransomware attacks were the dominant cause of breaches for organizations. The average number of ransomware attacks organizations experienced has doubled over the past year. Additionally, the VMware Threat Analysis Unit identified a 900% increase in ransomware over the first half of 2020.

Malicious actors have spent the pandemic capitalizing on the rapid adoption of an anywhere workforce and the use of personal devices and networks by remote workers. Attackers now have an unprecedented opportunity to launch social engineering attacks, such as phishing, on unsuspecting employees.

No industry was off limits to attackers, either. The healthcare sector – already in the grip of pandemic response – was disproportionately targeted with ransomware in 2020. One in five breaches reported by the healthcare CISOs we surveyed were caused by ransomware. In the same way that DarkSide targeted critical national infrastructure, ransomware groups have looked to cash in on the healthcare sector, an industry more likely to pay due to the critical nature of its business.

Double extortion tactics pile pressure on victims

New tactics are making ransomware a much more nuanced threat, too. Instead of locking up systems immediately, attackers are aiming to infiltrate systems undetected and establish persistence on the target network, moving laterally and extracting data that can be monetized even if no ransom is ultimately paid. Systems are not encrypted and the ransom demand is not made until the perpetrator has covered their tracks and established a route back into the target network.

This gives cybercriminals a greater hold over victims. As well as needing to decrypt their systems, organizations also face the possibility that critical assets such as customer data or trade secrets will be released for sale on the dark web and the breach will be made public. The reputational and regulatory risk tied to ransomware means the pressure to pay ransoms is often significant. However, unless the attacker’s presence in an organization’s network is fully removed, they are likely to return for another strike on a target that has shown willingness to pay.

The cybercriminal community has capitalized on the growing profitability of this approach, with nearly 40% of security professionals saying double-extortion ransomware was the most observed new ransomware attack technique in 2020.

Strengthening defenses against ransomware

As businesses adapt to supporting the anywhere workforce and malicious actors continue to target the expanded threat landscape, CISOs have a once-in-a-generation opportunity to strengthen defenses against ransomware and protect their organization by:

Delivering security as a distributed service: To protect the anywhere workforce, regardless of the devices and networks workers are using, deliver endpoint and network controls as a distributed service that follows the assets being protected throughout the environment.

Prioritizing visibility: Better visibility over endpoints and workloads delivers contextual insight and situational intelligence to help defenders prioritize and remediate risk with confidence.

Conducting regular threat hunting: The first step of a multistage ransomware campaign is gaining undetected access to networks. Regular threat hunting can detect silent incursions and the presence of adversaries in the environment by spotting anomalous behavior.

Keeping monitoring “quiet” to avoid counter-incident response: Assume the adversary has multiple means of gaining access to the environment. Watch and wait before taking action – don’t start blocking malware or terminating C2 systems until you are sure you understand all possible avenues of re-entry.

Engaging with an incident response partner: It is not a matter of if, but when organizations will be targeted, so it is essential to be prepared. Engage with an IR partner to devise a response plan and retain them to put it into action when needed. This should include post-incident remediation and analysis to root out any remaining adversary presence and avoid repeat attacks.

As organizations rethink their approach to security, defending against ransomware should be a top priority as the impact and scope of attacks increase. The anywhere workforce must be supported by a security strategy that surrounds and protects employees to let them work safely and productively without putting the infrastructure, reputation, and competitive position of the business at risk.

