2020 will go down in history for all the wrong reasons, partly because of the mayhem created by attackers using Covid-19 as a theme to target individuals and businesses of all sizes. In its latest quarterly threat report, Seqrite has detected a 2X surge in ransomware attacks during the April-May-June quarter, standing at 4 lakhs, in comparison with the first quarter of 2020. While Maze continued to be a top threat for enterprises, other notable ransomware attacks detected in the quarter include Ryuk, Mailto aka Netwalker, HorseDeal & Gigabyte, RagnarLocker, PonyFinal and Tycoon.
Researchers at Seqrite have observed a visible shift in the behavior of threat actors, with ransomware families using a two-pronged approach to target enterprises. Besides Maze, multiple ransomware families are now capable of stealing sensitive data in addition to holding the victim’s network for ransom. This makes modern ransomware attacks even more dangerous, with threat actors threatening to leak the stolen data if they are not paid. Organisations in sectors like BFSI, Manufacturing, IT/ITES and Government are likely to be the primary targets due to the sheer amount of sensitive data they store.
Seqrite’s industry-leading GoDeep.AI platform played a pivotal role in mitigating these threats. The platform leverages a combination of signature-less and signature-based detections, which are backed by patented technologies to proactively detect and block known and unknown ransomware attacks. The patented technologies include Seqrite’s flagship Anti-Ransomware technology, which leverages advanced algorithms to conduct focused activity-based detection while also empowering enterprises to recover critical data in case of a breach.
Speaking on the latest quarterly threat report, Sanjay Katkar, Joint Managing Director and CTO – Quick Heal Technologies, said, “Ransomware attacks have always been a concern for enterprises. But what makes them more dangerous is their innovative and evolving nature. While previously, threat actors used to block sensitive data and ask for a ransom in return, now they have evolved and become much smarter than ever. Apart from demanding ransom from the victim, these evolved threat actors steal the encrypted data and sell it in the open market to make dual income sources. Through this report, we aim to spread maximum awareness around the innovative and rapidly evolving nature of ransomware and help businesses combat this situation.”
Maze continues to be a top-most threat to consumers and enterprises
Maze has remained the top ransomware threat to enterprises for the past year. It is known for its new approach to attacks, in which it publicly publishes the sensitive data of infected customers, and for using different techniques to get in. For instance, it leverages exploit kits or email impersonation, sending emails with an attached Word document containing macros that activate the malware on the system.
The combined tactics of damaging the victim system by collecting sensitive data and disrupting enterprise networks make Maze a notable threat to many organizations. Casualties of this ransomware include large corporates and PSUs, which recently came under attack by Maze during the ongoing pandemic, with employees logged out of their systems through forced encryption of data.
Preventive measures to tackle modern Ransomware threats
In times of the Covid-19 pandemic, when businesses are already suffering from losses, they can’t afford to lose their focus on cybersecurity. At this critical juncture, researchers at Seqrite believe that enterprises need to follow the prescribed cybersecurity best practices to avoid falling victim to ransomware attacks. A few of the measures include: apply regular security patches and updates, use encryption and multi-factor authentication wherever possible, disable RDP and SMB ports when not in use, avoid falling prey to phishing scams by not opening suspicious emails, and use secure networks when working remotely.
Additionally, every company – no matter how big or small – should define a strong cybersecurity policy and adopt a multi-layered approach covering endpoints, network, data and mobility. While evaluating security solutions, businesses should look for vendors that offer a combination of traditional signature-based as well as signature-less detections to tackle known and unknown or previously unseen malware.