What is Ransomware?
Recent headlines have brought increased visibility to an age-old problem, which continues to evolve: ransomware. It remains a revenue-generating venture for attackers. A modern approach is required to stay ahead of the adversary.
The Evolution of Ransomware
Initially, ransomware was confined to a single host. A single user could lose their files, but ransomware was not able to move across an entire network. Companies and end users were advised to back up their data with the intent of being able to recover much, if not all, mission-critical information in the event they were attacked with ransomware.
Then the threat evolved. Around 2015, researchers began to see the emergence of ‘post-intrusion’ attacks, where the criminals gain access to an environment and then stage a ransomware attack from within the network in order to cause as much damage as possible. Next, in 2019, the emergence of ‘name and shame’ began: criminals stealing data before they encrypt it and then threatening to leak it online if their ransom demands aren’t met.
And now, the threat is evolving again. Some groups are abandoning the encryption component and focusing purely on name and shame. Threatening to leak stolen data is an excellent tactic to encourage victims to pay the ransom. From a threat actor’s perspective, in the post-encryption/pre-payment phase they have expended effort, which they view as a cost, and they have yet to gain anything in return. So anything that further encourages victims to pay is good for their business.
This shift in tactics may also be because the technique scales better. Furthermore, in recent cases the encryption stage of the attack has caused unprecedented levels of disruption (Colonial Pipeline being a recent example), leading to scrutiny of these cybercriminals by governments and law enforcement. Attacks that simply steal data without encrypting it can be much harder to detect, harder to stop, and less costly for the threat actor.
Evolving ransomware requires evolving detection. Secureworks Taegis™ XDR and VDR, as well as Secureworks Incident Response planning and Adversarial Testing are the tools you need to help stay ahead of the threat. Ransomware can be stopped. Backed by 20 years of threat intelligence, Secureworks Taegis brings you the tools that are designed to make it possible.
XDR can Combat Ransomware, and Other Types of Cyber Attacks
The recent headlines generated by attacks such as the Colonial Pipeline incident bring increasing visibility to an age-old problem: ransomware. The ransomware threat has been around for more than 30 years and continues to evolve to stay relevant and remain a revenue-generating venture for attackers. Because of this constant evolution and cat-and-mouse game, a modern approach is required.
Watch and learn from a Secureworks Counter Threat Unit™ researcher as we bring MITRE ATT&CK to life through ransomware examples and practical insights into the mind of the adversary. You'll see how an open Extended Detection and Response (XDR) platform handles real-world adversarial tools and attack techniques with rapid threat detections and countermeasures.
Watch the Webinar
Stop Ransomware with Taegis
Ransomware has become one of the most prevalent and disruptive forms of cyberattack in recent years. The FBI IC3 2020 Internet Crime Report states that the number of ransomware incidents increased by 21% from 2019 to 2020. The UK National Cyber Security Centre’s 2020 Annual Review reports that the agency “handled more than three times as many ransomware incidents [in 2020] than last year.” From paralyzing government services to shutting down major fuel supply lines to disrupting a global meat production business and impeding patient care at hospitals – ransomware has grown into a multi-million-dollar global enterprise.
Protect your organization from ransomware with Secureworks Taegis™ Security Operations and Analytics Platform. Taegis brings together extended detection and response (Taegis XDR or Taegis ManagedXDR), vulnerability management (Taegis VDR), and continuously curated, comprehensive threat intelligence to help you reduce the risk of a ransomware attack and stop ransomware prior to data exfiltration and file encryption.
Taegis XDR: Detect, investigate, and respond to threats with an open XDR solution that leverages advanced security analytics.
Taegis ManagedXDR: Our 24x7 Managed Detection and Response (MDR) service combines software, threat hunting, and incident response in a single solution.
Vulnerability exploitation is one of the most common ransomware attack vectors, as reported by the FBI’s Internet Crime Complaint Center (IC3). Effective vulnerability management is therefore critical to hardening your organization’s security posture against ransomware. Vulnerability management has long been a time-consuming and heavily manual task, but with Taegis VDR, you can automate asset discovery and vulnerability detection and take advantage of highly accurate and relevant vulnerability prioritization. Taegis VDR determines vulnerability risk based on the unique context of your environment, threat intelligence data, and 45 other internal and external factors, so you can prioritize and remediate effectively.
Ransomware can evade traditional antimalware solutions by living only in memory. Cobalt Strike, a tool originally built for adversary simulations and red team testing but often used by APTs and other threat actors, is an example. Taegis Extended Detection and Response (XDR) can detect Cobalt Strike, giving you an advantage during the early stages of an attack.
If perpetrators manage to get in, they often “live off the land,” leveraging legitimate network administration and other tools to conduct reconnaissance and move laterally across the network. Taegis XDR and ManagedXDR can detect malicious use of authorized tools to prevent threat actors from advancing to the next stages of a ransomware attack: extracting data, destroying backups, and distributing and detonating ransomware.
Leverage Secureworks Taegis to get an early warning about emerging threats, identify and eliminate vulnerabilities, and stop ransomware before it inflicts material damage on your organization.