Ransomware Threats to Continue Through 2020
Managed Security Service Providers (MSSPs) are now being considered higher valued targets for cybercriminals. This is based on BlackBerry Cylance’s 2020 Threat Report.
In mid-2019, we saw new ransomware make its appearance across the globe. This ransomware has been called multiple names, but the bottom line is they are attacking the same sort of agencies. These ransomware attacks are going after high valued targets.
Sodinokibi, Sodin, or REvil, were used to compromise businesses and government agencies with a targeted attack on their managed service provider (MSPs) and MSSPs.
Once gaining their foothold on the organization, they were able to intrude remotely managed tools like Go2Assist and Ninja RMM which allowed them to steal credentials with a password recovery tool.
This allowed for the access and disabling of security software connected to the domain. This allowed for the exploitation of the system and the spread of the ransomware to every machine in the system.
It is speculated that ransomware in 2020 is only going to get worse. High valued targets are only going to be attacked harder. It is important for MSPs and MSSPs to be more diligent against identifying and blocking these sorts of attacks.
The use of AI could be a solution to ransomware threats. AI has the capability of learning and blocking these types of threats. As a step toward threat prevention, AI offers strategies and advantages in learning proactive strategies against ransomware threats.
This will help head the ransomware attacks off before they become a problem.
Cybercriminals are beginning to target software firms and stealing their intellectual properties. This allows for the implementation of malware in their platform which is being used in supply chain attacks. In the report, over a quarter of the companies were victims of an attack like this at some point in 2019.
The hope is that developmentally, businesses can be adapted and protected instead of being vulnerable and victimized by cybercriminals using ransomware.
