Ransomware Reality and Survival

by Joe Leung, September 21, 2021

Ransomware is making headlines everywhere. From the energy industry (Colonial Pipeline’s ransom payment of $4.4M) to the food industry (JBS Foods’ ransom payment of $11M), mounting data suggests this insidious trend may be getting out of control.

Money, money, money

Hackers see big cash when the average ransom payment exceeds $80K ($780,000 for a large enterprise), while RaaS (Ransomware-as-a-Service) and ransomware kits, which start at $175 and require little to no technical skill to deploy, are readily available on the dark web. No wonder ransomware revenues grew 74% to $20 billion in 2020 from $11.5 billion in 2019, according to research firm Purple Security. This highly profitable business with phenomenal growth will very likely fuel more and more attacks.

Spotlight

There is no doubt that ransomware is garnering serious attention. The U.S. government’s new one-stop resource site StopRansomware.gov and the U.S. White House’s latest announcement of a ransomware task force are just a few examples of actions springing up left and right.

Complex problem

The ransomware kill chain usually consists of multiple tactics such as initial access, persistence, lateral movement, and exfiltration. For example, the most common ransomware attack technique associated with the ‘initial access’ tactic is phishing, which delivers 65% of ransomware infections. The MITRE ATT&CK framework identifies three sub-techniques related to phishing:

- Spearphishing Attachment
- Spearphishing Link
- Spearphishing via Service

The complexity stemming from different permutations of tactics, techniques and sub-techniques is further compounded by diverse and mutating ransomware.
To accelerate effective ransomware detection for SOC analysts, so they can focus on what matters without being overwhelmed by false positives, a holistic defense approach is essential for contextually relevant threat insights: ‘Layered Analytics’, powered by real-time correlation, supervised machine learning and unsupervised machine learning.

For more information on how ‘Layered Analytics’ can help thwart a ransomware attack, please check out this white paper: 360º Analytics for a Resilient SOC.

It is unfortunate that we live in a world of unrelenting ransomware threats. Fortunately, with the right defenses, we do not have to live in fear.

Joe Leung is the global product marketing director for CyberRes’ security operations portfolio and flagship AI technology, Interset. Before this role, he was the AI product marketing lead for Micro Focus’ unstructured data analytics solution, IDOL. Joe is a fan of exploring use cases for AI, and is excited about how AI can address security challenges, especially in the area of IT/OT convergence.