Hackers are bundling up this fall as they seek to freeze your data.
A collection of 2018's most potent strains of ransomware is making the rounds in a bundle deal on the dark web.
While crime as a service is nothing new, this bundle deal is outside of the norm of what we typically see and demonstrates the evolution and professionalism of cybercriminals.
What is Crime as a Service?
Crime as a Service (CaaS) is an illegal offering on the dark web in which a group of cybercriminals assembles packages of advanced hacking tools, such as ransomware, and sells them to other criminals who lack the technical skills to execute cyber attacks on their own. CaaS is a major concern because it lowers the barrier to entry for launching advanced attacks and therefore accelerates the overall rate of cyber attack deployment.
For $750 you can purchase the bundle and receive 23 variants of ransomware. Included is the notorious SamSam strain that shuttered Colorado's Department of Transportation, locked up patient histories at an Indiana hospital, and cost the city of Atlanta $2.6 million to recover after SamSam critically disrupted their municipal operations.
For less skilled criminals, the bundle includes a "how-to" tutorial for attack deployments as well as additional guidance on exploiting vulnerabilities to maximize the odds of executing a successful attack.
Crime-as-a-Service has always held the potential to wreak havoc on organizations, but this bundle offer has the potential to cause exponentially more damage than traditional offerings.
With 23 different variants of ransomware at their disposal, a criminal has many options to extort a ransom from their victim. If an attacker deploys one strain of ransomware to exploit a vulnerability only to find the vulnerability patched, they have 22 other strains to try, each targeting different vulnerabilities.
If at first they don't succeed, they can try, try again, and again, and again. The cheats, creeps, and thieves will keep testing their malware until they find the right strain to exploit existing vulnerabilities in your network.
How can you protect your organization from ransomware?
There isn't one single solution that can prevent ransomware from hitting your organization. You need multiple layers of protection to mitigate your risks in today's threat landscape.
A defense in depth strategy that couples multiple best practices will go a long way in safeguarding your network environment.
Frequently, malware is delivered via emails. If you or one of your employees clicks on a malicious email, then your whole organization could become infected. Utilizing a spam filter that identifies malicious emails can stop malware in its tracks, preventing it from ever reaching your inbox.
Monitoring the traffic coming into your network can also help prevent ill-intended traffic from reaching you and your end users. A Managed Security Service Provider will do just that, making sure all angles of your network are protected and watched: inside, outside, and your end users.
One action you can take today that won't cost you a dime is implementing the proper policies on your network. When working in tandem, policies of least privilege, constant patching, and training can help prevent ransomware from taking the actions it needs to execute its nastiness.
If you want to avoid being the next ransomware victim, your best bet is to implement a strategy that leverages technology (like spam filtering), third-party experts (like an MSSP), and the right policies and procedures on your network.
Originally published on 11/26/2018
Topic: Ransomware as a Service