Ransomware Attackers Improve Operational Efficiencies

Attackers are getting more efficient at exploiting vulnerabilities, and this trend is likely to continue as threat actors automate aspects of their attack sequences. We see evidence of this automation in the hundreds of organizations that have been hit by the Cl0p ransomware gang in just the last few weeks.

‍

Cl0p has been observed exploiting a known vulnerability in the GoAnywhere software en masse. Now we are just starting to see attacks leveraging a vulnerability in IBM Aspera Faspex, and if threat actors automate this exploit too we could see a similar surge in victim organizations.

‍

And just this week, researchers published analysis of a new ransomware strain dubbed  Rorschach that was noted for having some unique features like extremely fast encryption speeds, advanced security evasion, and some stealthy DLL side-loading.

‍

The researchers noted that the strain is partly autonomous and is running tasks that other ransomware operators would typically do manually, like creating domain group policies that allow it to propagate the malicious executable on the network as new users log in. They go on to detail other automated aspects of this new threat.  

‍

Takeaway:  In short, as attackers continue to automate efficiencies in the attack progression to exploit known vulnerabilities for initial access, improve stealthy payload delivery and evasion techniques, and exponentially improve encryption speeds, we may be in for a very busy period for ransomware attacks as we move closer to summer.

‍

While a lot of focus is around the delivery of the ransomware payload, this is the last stage of the attack. These are multi-stage attacks, and that means we have multiple opportunities to detect and stop them.

‍

Organizations must have the ability to disrupt attacks earlier - at initial ingress, when attackers move laterally, when command and control is established, when data exfiltration begins – instead of after the attackers have already detonated the ransomware payload.  

‍

Organizations require both a robust prevention and an agile resilience strategy to defend against this wave of ransomware attacks. This approach includes endpoint protection solutions, patch management, data backups, access controls, employee awareness training, and organizational procedure and resilience testing into all ransomware readiness plans to be successful.

‍

‍

Halcyon.ai is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware – talk to a Halcyon expert today to find out more.