The digital world, in 2020, is being buffeted, as probably never before, by the mayhem created by attackers using Covid-19 as a theme to target individuals and businesses of all sizes.
Seqrite, the cybersecurity products and solutions brand of Quick Heal Technologies, in its latest quarterly threat report, has detected a 2X surge in ransomware attacks during the April-June quarter, at four lakh, in comparison with the first quarter of 2020.
While Maze continued to be a top threat for enterprises, other notable ransomware attacks detected in the quarter include Ryuk, Mailto aka Netwalker, HorseDeal & Gigabyte, RagnarLocker, PonyFinal, and Tycoon.
Researchers at Seqrite have observed a visible shift in the behaviour of threat actors, with ransomware families using a two-pronged approach to target enterprises.
In addition to Maze, multiple ransomware families are now capable of stealing sensitive data besides holding the victim’s network to ransom, Seqrite mentioned.
This makes modern ransomware attacks even more dangerous with threat actors threatening to leak the stolen data if they are not paid. Organisations in sectors like BFSI, Manufacturing, IT/ITES, and Government are likely to be the primary targets due to the sheer amount of sensitive data they store, the cybersecurity company noted.
Speaking on the latest quarterly threat report, Sanjay Katkar, Joint Managing Director and CTO, Quick Heal Technologies, said in a statement: “Ransomware attacks have always been a concern for enterprises. But what makes them more dangerous is their innovative and evolving nature. While previously, threat actors used to block sensitive data and ask for a ransom in return, now they have evolved and become smarter than ever.”
He added: “Apart from demanding ransom from the victim, these evolved threat actors steal the encrypted data and sell it in the open market to make dual income. Through this report, we aim to spread maximum awareness around the innovative and rapidly evolving nature of ransomware and help businesses combat this situation.”
Maze continues to be top threat
Maze has been the top ransomware threat to enterprises for the past year. It is known for its new approach to attacks, in which it publicly publishes the sensitive data of infected customers, and it uses different techniques to get in. For instance, it leverages exploit kits, or email impersonation in which emails carry an attached Word document containing macros that activate the malware on the system.
The combined tactics of damaging the victim's system, collecting sensitive data and disrupting enterprise networks make Maze a notable threat to many organisations. Casualties of this ransomware include large corporates and PSUs that came under attack from Maze during the ongoing pandemic, with employees logged out of their systems through forced encryption of data.
Preventive measures to tackle threats
Researchers at Seqrite believe that enterprises need to follow the prescribed cybersecurity best practices to avoid falling victim to ransomware attacks. Some of the measures include applying regular security patches and updates, using encryption and multi-factor authentication wherever possible, disabling RDP and SMB ports when not in use, avoiding phishing scams by not opening suspicious emails, and using secure networks when working remotely.
Additionally, every company — no matter how big or small — should define a strong cybersecurity policy and adopt a multi-layered approach covering endpoints, network, data, and mobility. While evaluating security solutions, businesses should look for vendors that offer a combination of traditional signature-based as well as signature-less detections to tackle known and unknown or previously unseen malware.