Ransomware Is More Real Than You Think
You have a teddy bear you want to love and protect. A big brother or sister takes the teddy bear and threatens to hold it for ransom until you pay up. What do you do?
The teddy bear analogy is certainly simplistic, but it also reflects the reality of the ransomware attacks that organizations increasingly face. Attackers block access to critical data in exchange for increasingly outlandish ransoms. According to a Palo Alto Networks Unit 42 report, the highest ransom in 2020 was $30 million, up from $15 million in 2019.
In this latest episode of The New Stack Makers podcast, we spoke with Jason Williams, product marketing manager for Prisma Cloud at Palo Alto Networks, about what organizations should do to protect themselves from ransomware attacks. Alex Williams, founder and publisher of TNS, hosted this episode.
The main thing that has changed about ransomware is not the nature of the attacks themselves, but how attackers have become more brazen, demanding — and in many cases receiving — larger sums than they did in the past. The attack lifecycle or the style of attack hasn’t really evolved over time — what has changed is the boldness of the person who planned the attack, Jason Williams said.
In today’s highly distributed, containerized environments with connected remote workers, attackers have more opportunities to enter a network and remain there undetected. They might patiently wait for weeks or months before figuring out how to orchestrate a lateral attack to gain access to critical data, encrypt it and then demand ransom to decrypt the data.
“When you go into a cloud, there’s a network that’s providing connectivity between all these different applications, all the VMs and containers and serverless functions and so on and so forth,” Jason Williams said. “Those things need a network to communicate and support the business and ransomware attackers leverage [those opportunities].”
However, before a ransomware attacker can reach the critical assets that “the network allows them to,” the organization can limit access by segmenting the critical data, Jason Williams said. “You need to segment the network because not every application or every workload needs to communicate with each other just because it can,” Williams said.
The U.S. government released the memo “What We Urge You To Do To Protect Against The Threat of Ransomware” in June to communicate the magnitude of the ransomware threat, while calling on organizations in both the private and public sectors to take stricter measures. The memo also outlined specific ways for organizations to protect themselves. These steps included improving backups, downloading security patches, implementing network segmentation and other protective measures. But, while all of these steps are important, patch management and isolating systems that are critical “away from systems that are less critical is particularly important,” Williams said.
“Those are a couple of best practices that personally I found interesting, when the White House really started highlighting them because, at Palo Alto Networks, that’s something we also believe that you should be doing as a best practice for cybersecurity to combat ransomware,” Jason Williams said.