Ransomware Attacks Show Importance of Complex Protective Measures
By Amir Geri
Last Tuesday, the world experienced another massive attack on its way of life. While terrorism targets the mind and body of civilian populations, wide-spread ransomware attacks have the potential to cripple economies – something that is much harder to contain.
Within a few hours of the first attack reports, headlines flashed all over the world showing naval ports taken out of commission, shipping and oil companies hit, and even retail businesses coming to a full halt in the middle of their busiest hours.
What differentiated this attack from previous attacks was the ability of the attacker to easily combine multiple practices in order to maximize gain. By combining Petya’s encryption methodology with WannaCry’s use of the SMB vulnerability, adding Office vulnerabilities and mainstream administrative tools and Windows capabilities, the attacker reached a high maximization of the attack. Within minutes of the first computer being compromised, entire organizations succumb to the same ransom note.
The complexity and immersiveness of these types of attacks require a complex and immersive approach to protecting the organization. While multi-billion revenue generating companies do not take measures to protect themselves against these threats, it is important to note that not all protective actions are sufficient in stopping such complex, yet generic attacks.
Combining complex malicious behavioral detection together with targeted prevention of key actions is the only way to stop such attacks.
Analysis of network behavior, user behavior and typical ransomware behavior, is required in order to zoom in on these attacks, as soon as they occur, preventing them and still retaining the ability of the administrator to perform proper administrative actions.
This is what we do at Cynet.
Amir Geri is Cynet’s VP of Research & Development