We can't find the internet
Attempting to reconnect
Something went wrong!
Hang in there while we get back on track
SAINTCON 2023 - Sherri Davidoff & Matt Durrin - Ransomware: New Trends & Prevention Strategies
New trends in ransomware, including faster infection times and franchise models, pose significant threats to businesses. Learn how to prevent and respond to attacks with expert strategies and tips.
- New trends in ransomware include faster infection times, increased use of caller ID spoofing, and more sophisticated attacker tactics.
- Ransomware actors are using franchise models and detailed playbooks to carry out attacks.
- Conti, a well-known ransomware gang, was found to be using a franchise model and had a playbook that included steps for attackers to follow.
- Newer ransomware variants can now encrypt files on cloud shares and can also exfiltrate data to the attackers’ servers.
- Businesses should prioritize threat hunting and prevention strategies to detect and prevent ransomware attacks.
- Cyber insurance policies may not cover all losses, and companies should carefully review their policies to ensure they have sufficient coverage.
- Ransomware gangs are increasingly using social engineering tactics, such as phishing emails, to infect victims’ systems.
- Attackers are also using remote access trojans (RATs) and are exploiting vulnerabilities in hypervisors, such as ESXi hosts, to gain access to victims’ networks.
- Companies should prioritize employee education and training to prevent social engineering attacks, and should also implement robust security measures to prevent ransomware infections.
- Companies should also have a formalized incident response plan in place, including procedures for backups, data recovery, and communication with stakeholders.
- Ransomware attacks can have significant financial and reputational consequences, and companies should prioritize prevention and preparation to minimize the impact of an attack.
- Cyber extortion is a growing problem, and companies should be aware of the legal implications of paying ransom demands.
- Conti, a well-known ransomware gang, has been linked to several major attacks, including one on MGM in 2021.
- The Conti playbook includes steps for attackers to follow to gain access to victims’ systems and encrypt files.
- Ransomware actors are also using social media to promote their attacks and engage with victims.
- Companies should prioritize encryption and data backup strategies to prevent data loss and protect against ransomware attacks.
- Employees should be trained to recognize and report phishing emails and other social engineering tactics.
- Companies should have a formalized incident response plan in place, including procedures for backups, data recovery, and communication with stakeholders.
- Ransomware attacks can have significant financial and reputational consequences, and companies should prioritize prevention and preparation to minimize the impact of an attack.