Ransomware Has Evolved And So Should Your Company
•Télécharger en tant que PPTX, PDF•
0 j'aime•135 vues
Ransomware is typically initiated via phishing or social engineering tactics, these attacks often take advantage of human error for the successful delivery of the malware. These criminal organizations are impartial to the size of your organization. They target any company with data, and if you don't pay the ransom, your information could be posted to a public forum or sold on the Dark Web for profit. Most companies unfortunately are forced to pay due to system failure and file corruption. The scariest about these methods is that the Ransomware doesn't need to be developed by the attackers. Ransomware services can now be purchased on the DarkWeb and used at the Cybercriminal's will (RAAS). As these Ransomware attacks and services evolve, how can companies arm themselves with the right solutions to defend themselves from these evergrowing attacks? Join us in our latest webinar with Dr. Christine Izuakor (cybersecurity expert) and Jay Godse (head of product dev at Veriato).
Recommandé
Recommandé
Contenu connexe
Tendances
Tendances (20)
Similaire à Ransomware Has Evolved And So Should Your Company
Similaire à Ransomware Has Evolved And So Should Your Company (20)
Plus de Veriato
Plus de Veriato (10)
Dernier
Dernier (20)
Ransomware Has Evolved And So Should Your Company
- 1. Confidential Dr. Christine Izuakor Jay Godse Ransomware has evolved, and so should your company Thanks for your patience as we wait for others to join.
- 2. Confidential Your speakers Dr. Christine Izuakor Dr. Izuakor is the Founder and CEO of Cyber Pop-up. She has 10 years of Fortune 100 enterprise technology and leadership experience, including building numerous security functions from the ground up at United Airlines. She earned a PhD in Security Engineering, is a cyber security professor, writes and speaks on a wide range of cyber security issues globally, and helps corporations solve a broad range of strategic cybersecurity challenges. Jay Godse Jay Godse is the Head of product and technology of Awareness Technologies. He has over 15 years’ experience in building enterprise scale SaaS businesses that are focused on Information Security and regulatory compliance. He brings deep expertise in developing security programs for large enterprises as well as SMBs.
- 3. Confidential Today’s agenda • Ransomware 101 • A deep dive into the Colonial Pipeline breach • The rise of ransomware as a service • Why traditional backups and antivirus aren’t enough • Tips for ransomware detection and prevention
- 4. Ransomware attacks soared 150% in the last year. Group-IB Security Firm
- 5. Confidential The average ransom demand is $170,000, though larger operations request up to $40M. Group-IB Security Firm
- 6. Confidential Basic digital extortion Palo Alto Networks Advanced persistent variants Double extortion What is ransomware and how has it evolved?
- 7. Confidential What really happened in the Colonial Pipeline attack?
- 8. Confidential 64% of attacks were powered by RaaS. Group-IB Security Firm
- 9. Confidential • Advanced ransomware can target backups • Traditional antivirus is not comprehensive enough to defend against today’s ransomware Are traditional backups and antivirus enough?
- 10. Confidential How can businesses evolve to address ransomware attacks? • Strong backup strategy with segmentation • Comprehensive endpoint security • Insider threat management • Zero Trust culture with robust user verification • Early detection and real-time response
- 11. Confidential 85% of security professionals believe ransomware is the biggest cyber threat to SMBs. Global State of Channel Ransomware Report
- 12. Confidential What are key solution capabilities that matter? • Advanced detection with up to date signatures • Encryption interception capabilities • Safe backup storage • Malicious account and activity blocking
- 14. Confidential Why is Antivirus not enough to combat Ransomware? ● AV cannot respond to the attack or lock down the machine initiating the attack. ● Even the most advanced Antivirus solutions cannot always detect unknown malware signatures which means ransomware might go unnoticed until it is too late. In fact, some ransomware is designed to spoof AV. ● Antivirus does not include any backup utility to help you restore your encrypted files. Can your AV solution reliably protect you from an attack, and provide you with remediation tools?
- 15. Confidential Download Installs on Server in less than 10 mins. Detect Detect, alert and restore before the business is held hostage. Protect Should Ransomware reach the file server, RansomSafe will lock down the endpoint to prevent further encryption. Backup Failsafe backups ensure the latest version of your files are always available for recovery Recovery Once the attack is stopped, recover in minutes with a few clicks. No extensive or expensive downtime. Multiple Mechanisms For Response RansomSafe
- 16. Confidential Solution Features RansomSafe™ acts as a vital layer in your ransomware defense, combining just-in-time data protection with multiple mechanisms to detect, and shut down attacks before they hold your business hostage. RansomSafe
- 17. Confidential What Customers Are Saying
- 18. Confidential Schedule your Ransomsafe demo today! Sales@Veriato.com
Notes de l'éditeur
- Christine: *kick off session*
- Christine: *introduce speakers*
- Christine: *walkthrough agenda and what attendees will walk away with*
- Christine to set context: Attacks are up. Ransomware hostage negotiations careers soaring. Discuss remote work influence and user enablement. IBM's X-Force incident response team reports ransomware accounted for 25% of the breaches they encountered in 2020
- Christine to set context: Growing cost. Ransom + the costs of operational impact, recovery, data recreation if lost, etc. One report shows operators of the ransomware Sodinokibi determined ransom demands based on the victim organization's revenue. It ranged from 0.08% to 9.1% of the victim's annual revenue on average. E.g. The Atlanta city government spent over $17 million to recover from a virus attack that demanded $52,000 in Bitcoin. Trend of Bitcoin reserves for payments.
- Christine to set context: There's a clear shift in the focus of ransomware attacks over the years. Unlike the global attacks of WannaCry and NotPetya from the 2017s, where the attackers would "spray and pray" for ransom, now these attacks are more strategic, targeting a definite revenue goal from the ransom. More strategic and targeted attacks that search for backups and infect those too. Double extortion attacks are another key trend. This method uses the twin strategies of demanding the ransom after encrypting data and leaking the data if the victim refuses to pay up. Question from Christine to Jay: Can you expand on that? What does ransomware look like in 2021? What are the latest variants and trends? How has it evolved from your perspective? Jay: Share thoughts
- Questions from Christine to Jay: Georgia-based Colonial Pipeline, the largest pipeline system for refined oil products in the US, was hacked in May 2021. It prompted the company to shut one of America's major arteries for fuel delivery which resulted in physical impact across various states. What happened here? Why was it so significant? What were the impacts? Jay: Share thoughts
- Questions from Christine to Jay: One trend helping in this space is RaaS. For those unfamiliar, can you simplify what RaaS is and why it’s a concern? Jay: Share thoughts A resource : https://www.darkreading.com/attacks-breaches/new-ransomware-group-claiming-connection-to-revil-gang-surfaces/d/d-id/1341271?_mc=NL_DR_EDT_DR_daily_20210611&cid=NL_DR_EDT_DR_daily_20210611&elq_mid=104424&elq_cid=23061409 Potential POLL question: What’s your primary strategy against ransomware: Backups Antivirus Training and awareness A wish and a prayer
- Questions from Christine to Jay: Walk us through a day in the life of someone trying to rely on traditional backups and antivirus for ransomware protection. What are gaps in options or challenges one might face? Jay: Discuss key points A few ideas By design, antivirus software looks for known ransomware. New ransomware variants will likely be left undetected. Antivirus doesn’t always prevent human error when users click infected links or insert corrupted USB drives. Alerts on potential danger, but may not block a successfully launched ransomware attack or help recovers damaged files. AV may not be effective against ransomware-infected apps when they’ve granted the apps with permissions to access their system-critical data.
- Questions from Christine to Jay: : How can businesses prevent, detect and respond to ransomware attacks? Jay: Share thoughts
- Christine to set context: Impacting companies of all sizes. mid-market especially is ill equipped to respond/survive. Everyone is looking for help in this space and tech can help. *Segway to next slide”
- Questions from Christine to Jay: For companies large and small looking to defend against these attacks through technology, walk us through some key solution features that matter. Jay: Share thoughts *Segway into demo to actually show features*
- Christine: Transition to Q&A and then close out session
- Antivirus solutions can only notify you with a warning that ransomware may have been detected. But AV cannot respond to the attack or lock down the machine iniating the attack Antivirus cannot detect unknown malware signatures which means ransomware might go unnoticed. In fact, some ransomware is designed to spoof AV. Antivirus does not include any backup utility to help you restore your encrypted files. Antivirus makes educated guesses (Heuristic Analysis) as to whether the malware is a threat. But the solutions dont always get it right. Options: Backups: Need a current backup Backup is one of the best way to deal with backup: need to monitor your backup False sense of security People pay when they do not have the ability to restore People Restoring their data will take too long and the backup doesn’t fully restore the data. SMB have Lower cybersecurity budgets Enterprise believe they are covered with all their security Do not have the technologies in place to detect a ransomware attack, and do not have full backup systems Less staff training on security Criminals attack because they know how critical data is and how fast they need it. Ex: SMB less money - $800 State agency - $10K
- File Screening: Veriato RansomSafe™ is continuously updated, maintaining a robust database of known ransomware signatures. The software will, in real time - detect the presence of known variants by matching against this database. Honeypots - By helping you place honeypot files on your file that, if modified, alert Veriato RansomSafe™ to a ransomware attack, the software is able to reliably detect attacks from previously unknown variants. Fail-Safe - The best protection against the disruption and expense of a ransomware attack is current backups. Veriato RansomSafe™ intercepts the command to encrypt (or delete) your files, making a copy and storing it safely away from the reach of the attack. Lockdown - Veriato RansomSafe™ blocks the user account attempting to encrypt your files from making changes to the file system, shutting down the attack to prevent further encryption attempts and to minimize the restoration effort required. Veriato RansomSafe™ can send you an email notification immediately if and when this happens, allowing you to respond quickly. Mention Zero day attack feature that might be coming soon?
- Focus on the cost of paying the Ransom. Back up and running in less than 15 mins.
- Christine: Transition to Q&A and then close out session