In October 2021, Sir Jeremy Fleming, the head of GCHQ, disclosed that the number of ransomware attacks in the UK has doubled in just one year. Recently described as “the most immediate danger to UK businesses” by Lindy Cameron, the CEO of the UK’s National Cyber Security Centre, ransomware continues to be a dominant factor in the threat landscape.
It has grown increasingly sophisticated, as have the cybercrime gangs behind it. Over the past two years, they have even evolved ransomware-as-a-service as a new business model to enable lower-skilled threat actors to disrupt businesses.
With many people continuing to work from home, attackers are actively taking advantage of known software vulnerabilities in technologies relating to remote working, including exploiting Remote Desktop Protocol (RDP) or Virtual Private Network (VPN) vulnerabilities.
Cybercriminals also continue to use phishing as a reliable method of initial access, alongside evolving their techniques to launch more sophisticated infections.
With more and more organisations falling victim to ransomware, it is imperative that companies are aware of the techniques used by attackers, as well as the opportunities for detecting them. While much of the advice around ransomware focuses on backing up files and systems, it’s important to remember that precursors to ransomware can be identified and attacks disrupted. Having the appropriate controls in place to detect and respond to attacks is essential.
The most vital step for security teams is to ensure that they have visibility of all their environments – not always easy to achieve in the era of remote working, multiple devices and cloud computing. They should also explore technologies, like SIEM and EDR solutions, that are needed to monitor for ransomware precursors and enable them to disrupt attacks.
As key vulnerable points of entry to networks, endpoints represent a significant security risk for organisations. Redscan’s Managed Endpoint Detection and Response (EDR) service significantly enhances visibility of attacks targeting endpoint devices, supplying an experienced team of threat hunters, the latest EDR technology and up-to-the-minute threat intelligence to identify threats that other controls can miss.