What’s Next for Ransomware?
History teaches us that cybercriminals will continue to exploit changes in technology and society to inflict their ransomware attacks. In essence, ransomware is going to keep evolving.
Three new areas where the dirty tentacles of ransomware are starting to reach
Public Cloud Ransomware
Service Provider Attacks
Encryption Free Attacks
Public cloud ransomware is ransomware that targets and encrypts data stored in public cloud services like Amazon Web Services (AWS), Microsoft Azure (Azure), and Google Cloud Platform (GCP). While the public cloud offers lots of advantages, confusion around security responsibilities creates protection gaps that hackers are quick to exploit.
Service provider attacks. As technology and threats become ever more complex, companies are increasingly outsourcing their IT to specialist managed service providers (MSPs). Cybercriminals have realized that targeting MSPs enables them to hold multiple organizations hostage with a single attack. One attack, many ransoms.
Encryption-free attacks. The ability to encrypt files was one of the original core capabilities needed to make ransomware a viable cybercrime. Today cybercriminals no longer need to encrypt your files to hold you hostage. Why? Because they’ll think you’ll pay up just to stop your data going public.
How to Defend Against Ransomware
Ransomware has evolved into a highly advanced, highly complex threat – and it’s only going to evolve further. With that in mind, how can you minimize your risk of being affected by ransomware?
The answer is to make it as hard as possible for ransomware actors to deploy their complex attacks, and to take advantages of opportunities presented by changes in technology and society. To do this we recommend:
- Threat protection that disrupts the whole attack chain
- Strong security practices
- Ongoing staff education
How Sophos can help
The best protection requires the best defenses, both for data held on premises and data stored in the public cloud.
- Sophos Intercept X includes advanced protection technologies that stop ransomware on your endpoints and servers at multiple stages of the attack chain.
- Sophos Firewall is packed with advanced protection to detect and block ransomware attacks, and stop hackers moving laterally around your network to escalate privileges.
- Intercept X and Sophos Firewall are great on their own – and even better together thanks to Synchronized Security. If a detection is triggered in either product, they work together to automatically isolate the affected devices, preventing the threat from spreading further.
- Sophos Managed Detection and Response (MDR). Many organizations don’t have the expertise, resources, or desire to monitor their network 24/7. The Sophos MDR service is a dedicated, round-the-clock team of threat hunters and response experts who constantly scan for and act on suspicious activity.
- Sophos Cloud Native Security continuously analyzes public cloud resources to detect, respond, and prevent gaps in security across AWS, Azure, and GCP public cloud environments that can be exploited in a ransomware attack.