Organizations need to take steps to disrupt the ransomware industry by making these attacks more expensive to carry out, according to Jen Miller-Osborn from Palo Alto Networks' Unit 42. On the CyberWire’s Research Saturday podcast, Miller-Osborn discussed trends in ransomware targeting and tactics.
“Unfortunately, healthcare has been hit quite heavily, which is one thing that we really don't like to see,” she said. “But that's definitely been an area that's been a focus. What we've seen by far is manufacturing quite a bit. And then, you know, we're seeing kind of legal services, construction, high tech – it kind of runs the gamut from there. But if you look at this chart from a perspective of potential amount of money that could be made by ransoming these various organizations, you can see a lot of the focus is on organizations that potentially have larger resources and maybe more difficulty in recovering if they lose their data.”
Miller-Osborn added that even if a victim does pay the ransom, the recovery will still be very costly.
“A lot of times, the incident response can be just as expensive, if not more so, than the ransom was, which is another reason that organizations really need to pay attention that this is a legitimate problem and that you could potentially be out a lot of money one way or the other,” Miller-Osborn said. “So, you really want to really want to get ahead of that scenario and try and keep this from happening.”
Miller-Osborn explained that one of the only long-term strategies against ransomware as a whole is to affect its business model by making these attacks more difficult.
“One of the goals with publishing this paper and getting this data out there is by drawing attention to it, you'll get more organizations to improve their protections to further price out some of these other ransomware families,” she said. “And that's one of the key ways and one of the only things we can really do to stop this outside of law enforcement efforts. That, in conjunction with people recognizing this problem and doing better and better defenses will start to price out a lot of these different hackers because they aren't going to be able to continue to evolve at the same kind of speed.”
The vast majority of ransomware attacks begin with either a phishing email or a technical vulnerability like an exposed RDP port. New-school security awareness training can give your organization an essential layer of defense against ransomware.
The CyberWire has the story.