
Stop Ransomware With Microsoft Defender and Morphisec

Posted by Morphisec Team on May 4, 2022

Ransomware attacks have never been more dangerous or more prolific. Security experts and media outlets described 2020 as the "worst year ever for ransomware." Ransomware attacks then grew by 105 percent between 2020 and 2021. This cyberwar has devastated countless SMBs, enterprises, critical infrastructure firms, and even governments. When a Conti ransomware attack took Ireland's health service offline, an entire nation was effectively held to ransom. It's fair to say ransomware defense is currently failing.

Numerous factors have contributed to ransomware's meteoric growth, but one of the most impactful has been the rise in remote and hybrid work. In 2018, around 1 in 5 people were able to work from home some of the time. Today, over 92 percent of people expect to be able to work remotely at least one day per week. Business use of remote-friendly technologies like VPNs and remote desktop protocols, alongside cloud technology, has similarly skyrocketed.

Faced with a fast-changing threat landscape and record numbers of vulnerabilities, many organizations have responded by upping their security budgets. Unfortunately, spending more on security does not guarantee more secure networks.

Even with increased cybersecurity investment, few companies have the right tools to counter modern ransomware attack chains. Ransomware attackers have evolved sophisticated methods to evade detection-based security, developing attacks that hide in device memory. Fighting back against the evolving threat ransomware poses requires prevention-focused technology like Morphisec's Moving Target Defense (MTD).

What Makes the Perfect Ransomware Victim?

Looking at news headlines, it's easy to assume ransomware attackers prefer large enterprises. In reality, business size isn't always the biggest concern for cybercriminals. Much more important is what kind of data a potential target holds. This is because ransomware is no longer about simply shutting down a company's systems. Instead, the modern ransomware "business" offers threat actors two complementary profit opportunities: encryption and exfiltration.

Ransomware groups like REvil have developed the capability to simultaneously exfiltrate data and shut down networks. This makes double extortion a critical path to profit for many cybercriminals. Threat actors know their victims will pay almost anything to minimize disruption and keep personally identifiable information (PII) secure.

At the same time, organizations are digitally collecting, processing, and storing more PII than ever. The pandemic forced whole sectors to make their clients' information digitally available almost overnight. This meant unimaginable volumes of PII migrated from on-premises servers, and sometimes from filing cabinets, straight to the cloud. However, securing this data is often an afterthought, as evidenced by the spiraling number of cloud misconfigurations, which cause up to 70 percent of cloud security vulnerabilities.

Meanwhile, legislation is increasing risks and costs for companies that don't protect sensitive information. In the EU, GDPR enforcement has become notably more aggressive, and fines are mounting. In Q3 of 2021, organizations were hit with over $1 billion in penalties, 20 times more than in Q1 and Q2 combined. Cybercriminals are now even threatening to report victims to the appropriate authorities if a ransom is left unpaid.

No federal equivalent to GDPR exists in the US. But a new generation of state-level legislation such as the CPRA (California Privacy Rights Act) is gaining traction. As a result, increasing numbers of businesses face fines if their client or employee PII data is exposed in a data breach.

Standard Security Tools Are No Ransomware Defense

Organizations are investing heavily in security solutions like next-generation antivirus (NGAV), endpoint detection and response (EDR), and extended detection and response (XDR) to protect against the rising risk of ransomware. However, these solutions' effectiveness against ransomware is declining.

A telling sign of this trend is the number of organizations that choose to pay a ransom. Last year, 63 percent of companies paid ransom money to cybercriminals. In 2017, this figure was less than 40 percent. While their victims are doubling down on security tools that depend on threats playing by the rules, threat actors are becoming more innovative.

In the past, ransomware strains like WannaCry spread automatically. Today, ransomware is increasingly delivered through human-operated attacks. Also called "hands-on keyboard" attacks, these see skilled cybercriminals directly controlling the infection path of the malware. Using remote access trojans (RATs), criminals customize the infection path based on what they find inside a victim's environment. They then use tools such as Cobalt Strike, which run from device memory at run-time, a place no detection-based solution can reliably scan, to deploy ransomware without triggering defenses.

While traditional security tools uncover known threats very well, they leave critical threat vectors unprotected against dynamic, evasive threats.

Changing the Rules of Engagement Against Unpredictable Threats

That said, everyone needs effective antivirus protection against the daily, more common threats that bombard corporate IT environments. And Microsoft Defender for Endpoint offers a level of effectiveness comparable to, if not better than, vendor-provided alternatives.

Like all signature-based solutions, Microsoft Defender cannot reliably prevent evasive threats that exploit device memory, or zero-day attacks. But Morphisec has developed a suite of tools using its automated Moving Target Defense (MTD) technology that augments Defender and other AV solutions, stopping advanced attacks.

MTD (or AMTD, for Automated Moving Target Defense) takes protection to another level. By dynamically morphing device memory at run-time, MTD makes it impossible for attackers to find the applications or vulnerabilities they're looking for. It's the ultimate ransomware defense.

[2023 Update: Learn more about MTD in this new Gartner® report: "Emerging Tech: Security -- The Future of Cyber is Automated Moving Target Defense".]


Powerful Anti-Ransomware Innovation

Combined with a powerful signature-based tool like Microsoft Defender, MTD effectively prevents zero-day, fileless, and in-memory attacks. Critically, MTD works without adding to defenders' workload. Morphisec's MTD solutions, such as Morphisec Guard for endpoints and Morphisec Keep for servers, integrate seamlessly with Microsoft Defender. This gives you a single-pane-of-glass overview of your entire environment.

Morphisec offers proactive defense against advanced cyberthreats. Combining Morphisec with Microsoft Defender tips the balance of innovation in your favor. To learn more, read the white paper, 10 Tips to Boost Microsoft Defender AV Security.
