Cobwebs Technologies announced today that its solutions can help organizations to face the growing wave of ransomware threats. Ransomware attacks can cost companies millions of dollars and impact the brand and reputation of the victimized organization. 27% of malware incidents reported in 2020 were attributed to ransomware attacks by threat actors who compromised organizations using malware to encrypt their information and hold it hostage for ransom. With the migration to remote work due to COVID-19, cyberattacks increased exponentially during 2021 with high-profile ransom attacks against critical infrastructure, private companies, and municipalities. The ransom paid has also increased, in some cases reaching tens of millions of dollars.
Furthermore, ransomware attacks have also become more sophisticated, using obfuscation and anonymous payment techniques, such as being paid in cryptocurrency to websites on the dark web, to avoid detection. Well-organized criminal organizations focus their attacks on exfiltrating company information after they have done their due diligence to understand their victim’s financial picture and the industry it operates in. They also deploy malware to encrypt company systems, including backup systems, to exfiltrate vast amounts of protected data. When victims refuse to pay, their data will be posted, and often also sold, on the dark web. But even when victims pay, there is no guarantee that they will receive the decryption key to regain access to their encrypted systems and data.
When hit by a ransomware attack, companies should follow their incident response plan and inform senior management, the legal department, and regulatory authorities as required by law. The next step is for the CISO and cybersecurity teams to investigate the incident for mitigation. If the victimized company has insurance, then the insurance company must be notified as well before negotiating or paying any ransom.
There are a number of steps that organizations can take to reduce the risk of a ransom attack, as well as the risk of damage if an attack occurs.
Having an up-to-date inventory of the organization’s key digital assets. This starts with a comprehensive identification program, as well as the physical and digital location of said assets. These assets include computer networks, databases, online digital services, and digital communication channels. By proactively scanning the organization’s digital footprint, the cybersecurity team can identify and locate existing and new key digital assets that could be potential targets.
Having an early warning system in place that scans online platforms for danger signs. Using a list of relevant keywords and phrases, all layers of the internet are searched and cross-referenced with, for example, the names of threat groups, threat actors, and types of attacks for actionable intelligence.
Uncovering the identity of threat actors and groups that are targeting the organization. By following their digital footprints on the surface, deep, and dark web, the identities of these threat actors can be revealed for actionable follow-up.
Locating compromised digital assets in a timely manner. Once an organization is breached and digital assets are compromised, the CISO and cybersecurity team must take quick action. The organization’s recovery plan plays a crucial role in identifying and recovering the compromised data as quickly and easily as possible.
Inadequate event resolution due to reactive, instead of proactive, cybersecurity. A lack of timely event resolution results in a slower response time and more damage. A proactive approach, such as the continuous scanning of all layers of the internet as mentioned above, reduces the time to resolution and limits damage.
For the five steps described above, an organization needs a web investigation solution that enables CISOs and cybersecurity teams to harness relevant data using OSINT methods for analyzing malicious activities in real time and to present the results in comprehensive reports. This allows organizations to identify threat actors as well as high-risk data related to ransomware and other cyber attacks for mitigation and follow-up.