Ransomware: Threat And Containment

By: Yasmin Ranade

August 21, 2019

At the International Cyber Security & Intelligence Conference in Toronto that took place July 16-19, 2019, Myla Pilao, Director for Technology Marketing at Trend Micro, addressed new trends in ransomware activity and mitigating tactics that can be employed. I asked Pilao for her thoughts about the evolution of ransomware, who is being impacted and how cyberattacks can be halted.

What is ransomware?

Ransomware is a form of digital extortion, first introduced in 2007.  Pilao explained, “It is a type of malware, which locks a user’s computer or encrypts their files, holding them ransom until a fee is paid to the cybercriminals holding the information and files hostage.”

“Historically, ransom attacks were targeted at end users,” said Pilao. “More recently, however, we’re seeing a transition towards highly targeted attacks with the most significantly impacted victims being enterprise and critical infrastructure industries.  These industries include transportation, healthcare, oil and gas, high-tech manufacturing and organizations that demand high digital connectivity.”

Myla Pilao,
Director for Technology Marketing., Trend Micro

On the positive side, Pilao added, “We know that they have become more sophisticated in their techniques and now have the confidence to execute more significant campaigns.”

“At the International Cyber Security & Intelligence Conference in Toronto in mid-July, I had the opportunity to discuss the silent evolution of ransomware and the risks posed to businesses,” began Pilao.

“While we may not be hearing about attacks as significant as WannaCry and NotPetya, ransomware cases that are reported indicate evolving approaches and hint at brewing underground activity – the silent evolution,” stated Pilao. She added, “During the ICSIC, we unearthed new trends in ransomware activity – including that they are spanning larger and deeper surfaces.”

“Cybercriminals are increasingly aiming at the main controller of network systems, including access to servers, exchange, active directory and so forth. This results in access to commands across the network. Recent examples such as LockerGoga, Ryuk, MegaCortex and Clop, show that as oppose to targeting one or two key areas, cybercriminals are targeting the entire system.”

Technologies and tech expertise to combat and contain ransomware attacks exists.

Said Pilao, “One of the most efficient methods of ensuring that company’ data is protected even in the event of successful ransomware attack is to regularly back up files. The best practice for backing up files and data is to follow the 3-2-1 rule — 3 different copies stored in 3 different places, in 2 different formats with at least 1 copy stored offsite.”

Updating software and operating systems to the latest versions can also help prevent cybercriminals from abusing vulnerabilities in older software to spread ransomware,” explained Pilao.

“Protecting the network against ransomware through network segmentation,” added Pilao “improves security by allocating user-specific resources which minimizes the ways for attackers can move within the network.”

Pilao also suggested, “Businesses should also ensure they have a multilayered security solution in place and work towards building a culture of security within the workplace by fostering security awareness and educating employees how to spot social engineering techniques.”

Does Canada have the right technologies and talent in place to thwart ransomware attacks?

Pilao thinks so, in terms of tech. “Canada is well-equipped to tackle ransomware given the level of IT hygiene and modern systems.”

More cautiously she added, “While Canada stacks up well compared to other countries globally and is seeing a trend of decreasing ransomware infections, it has a large presence of critical infrastructure and therefore remains susceptible to threats.”

“In terms of Canadian talent, availability of talent in infosec lacks in the numbers. This applies not only to organizations who lack the personnel who have experience and skills, but even those using powerful security technology might not have the right people to maximize them.”

I agree. Cybersecurity is a tech field that does and will require more of our tech talent.

Leave a Reply

Your email address will not be published. Required fields are marked *