Traditional tools cannot handle ransomware attacks

Sheila Zabeu

July 08, 2022

Having an arsenal of tools to guard against ransomware attacks doesn’t seem to be working. A recent study by Titaniam, covering US companies, revealed that while more than 70% of organisations have cybercriminal detection and prevention solutions in place, almost 40% were hit by attacks last year. This makes it clear that prevention, detection and backup should be only one part of anti-ransomware solutions.

Data exfiltration during ransomware attacks has increased 106% from 5 years ago. According to the study, we are seeing the emergence of a new trend among cybercriminals: previously they would just encrypt entire systems after stealing them, but now they are getting ahead of victims and stealing data before victims try to protect it with encryption.

Ransomware attacks have moved from a two-stage approach to a three-stage one. Initially, actions focused on infiltrating and moving laterally to identify high-value resources and data (stage 1) and encrypting them with the intent to extort (stage 2). Those actions could be handled by combining prevention/detection and backup/recovery solutions.

Source: Titaniam

The latest ransomware attacks include a third stage that promotes data exfiltration. Data stolen in stage 2 is used to extort victims, even if they have backup solutions. So protecting yourself against data hijackers remains an uphill struggle.

“Traditional tools are ineffective against ransomware and extortion because the most common attacks are not about hackers, but about attackers using stolen credentials. When this happens, traditional security solutions view the attackers as if they were valid users,” says Arti Raman, founder and CEO of Titaniam.

So by moving around victims’ networks, attackers can use their credentials to decrypt, detokenize, and unmask data just as a legitimate user or administrator would. Once they have the data decrypted, the attackers exfiltrate it and use it as a weapon for extortion.

Of the victims surveyed, 60% say hackers used data theft for further extortion, a practice known as double extortion. The majority (59%) paid the ransom, which leads to the inference that they were not saved by their backup or data security tools. The study also found that in 47% of cases, data was exposed and lost through other means unrelated to exfiltration via ransomware.

A large proportion of the companies surveyed (75%) were exposed even though they used the three main categories of solutions against ransomware attacks (prevention and detection; backup and recovery; and data protection).

Companies participating in the study revealed strong investments in traditional technologies, with an even distribution across these three categories. In the specific case of data protection, it can be concluded that traditional tools are not succeeding against ransomware and extortion attacks, so companies are hungry for more effective solutions to provide a better line of defense.

Source: Titaniam

Regardless of how data is being lost, over 99% of all participants expressed interest in a cybersecurity platform that helps reduce the loss of valuable data.

In addition, the study found very strong budgets focused on data security. This item was ranked as the top budget priority by 59% of respondents, followed by prevention/detection tools (56%) and backup/recovery (47%). When asked if they had enough budget to dedicate to data security, the vast majority (90%) said yes.

The final question in the study asked participants to share the top drivers that would make them direct budget toward data security. The top response was “hearing about ransomware and extortion attacks suffered by their peers.” Other responses were management requests, compliance considerations, and previous ransomware attacks in their own organizations. In other words, saints from home don’t seem to be working miracles.

Source: Titaniam

One of the ways to defend against the latest ransomware attacks is to implement solutions that encrypt data in use. This can keep data obscured from attackers trying to exfiltrate it. This is a market that is expected to grow strongly in the coming years, according to Gartner: 40% of organisations will have a data encryption strategy by 2023.