Overview
Ransomware, once simply a nuisance strain of malware used by cybercriminals to restrict access to files and data through encryption, has morphed into something far worse. While the threat of permanent data loss alone is jarring, cybercriminals and nation-state hackers have become sophisticated enough to use ransomware to penetrate and cripple large enterprises, federal governments, global infrastructure, and healthcare organizations.
The 2017 WannaCry cryptoworm, which hit 230,000 computers globally by exploiting a vulnerability in Microsoft Windows, served as a high-profile marker of the threats ransomware presents. Since then, attackers have only become more sophisticated and attacks more pervasive. This includes the emergence of ransomware as a service (RaaS), in which hackers sell their service. Akamai’s Ransomware Threat Report, H1 2022, evaluated the attack patterns of Conti, a notorious RaaS group that was first detected
in 2020 and appears to be based in Russia. The analysis hints at the need for strong protections against lateral movement and the critical role those protections can play in defending against ransomware. What’s more, it found that the overwhelming majority of Conti victims are businesses with US$10 million to US$250 million in revenue.
Microsegmentation reduces the implicit trust in the network by allowing only connectivity explicitly defined by policy, thereby enforcing leastprivilege access across applications for machine-to-machine traffic. — Forrester, Best Practices For Zero Trust Microsegmentation, June 27, 2022
It’s a clear sign that organizations of all sizes are at risk due to a mix of outdated technology, “good enough” defense strategies focused solely on perimeters and endpoints, a lack of training (and poor security etiquette), and no known “silver bullet” solution. In fact, the Cybersecurity Ventures Who’s Who In Ransomware: 2023 Report predicts that by 2031, ransomware is expected to attack a business, consumer, or device every two seconds.
It depends on lateral movement
A ransomware attack begins with an initial breach, often enabled by a phishing email, a vulnerability in
the network perimeter, or a brute-force attack that creates openings while distracting defenses away
from the attacker’s actual intent. Once the malware has landed in a device or application, it proceeds
through privilege escalation and lateral movement — across the network and multiple endpoints to
maximize the infection and encryption points.
Attackers will typically seize control of a domain controller, compromise credentials, then find and
encrypt the backup to prevent the operator from restoring the frozen services.
Lateral movement is critical to the success of an attack. If the malware can’t spread beyond its
landing point, it’s useless; therefore, prevention oflateral movement is essential. The visibility and
segmentation features in a solution like Akamai Guardicore Segmentation enable you to quickly
set up policies that prevent and contain an initial breach. You’ll also be alerted to lateral movement
and other suspicious behaviors to help detect malware early, so you can react right away.
Download & read the complete whitepaper below 👇👇👇
