Ransomware attacks against individual endpoints are so passé. According to reports out this week from two security research teams, financially motivated cybercriminals are updating their ransomware playbooks in search of bigger payoffs from their victims. Increasingly, they're making more money by putting bigger game in the crosshairs, namely networked business assets such as file shares, servers, network hosts, and infrastructure-as-a-service cloud infrastructure.
A new study from researchers at Vectra shows that the biggest threat to enterprises from ransomware today is malicious encryption of shared network files. Whereas ransomware attacks against isolated endpoints should be no big deal to recover from with any modicum of backup procedures, ransomware targeting of file shares is much more likely to trigger "all-hands-on-deck" emergencies. First of all, attackers are able to do a lot more damage with minimal action by taking advantage of the scale of share volume availability to numerous local systems. It takes only a single access point to lock access to documents across numerous departments or divisions at a targeted organization.
"In a volume-sharing system, a single infected host could encrypt an entire networked volume, resulting in a global impact on the target organization's business and systems," the report explains.
What's more, in many instances, these shared volumes are themselves used as a part of backup procedures for other systems so recovery can become quite tricky without offline backups.
"The files must be recovered from the most recent cold backup if the ransom is not paid," the report says. "Backup systems attached to a network are also at risk, which is why cold offline backups are critical for r ..
Support the originator by clicking the read the rest link below.
