    Chinese Cybercrime Allegations Mark New Turning Point in Global Ransomware Crisis

    Looking at the landscape of 2021 ransomware attacks, it’s clear that whatever ransomware attacks have lost in quantity, they’ve more than made up in quality.

    By
    eWEEK EDITORS
    -
    August 13, 2021

      Recently, the U.S. Justice Department officially accused Chinese cybercriminals of launching ransomware attacks against U.S. businesses. Specifically, the charges alleged that Chinese state-sponsored hackers had exploited vulnerabilities (since patched) in Microsoft Exchange Server over two months, linking those exploits to a number of ransomware activities, including DearCry.

      The DearCry ransomware itself was very much “ransomware for beginners,” lacking the sophisticated attack and detection-evasion characteristics you’d expect from a nation-state-linked ransomware package. And in general, we find that ransomware operators typically coordinate over the dark web or stage their attacks from compromised servers hosted in a country the attackers themselves don’t live in.

      That distance between attack and attacker makes attribution hard (albeit not impossible), so the Justice Department’s allegation that the hackers behind Exchange-related ransomware like DearCry and Black Kingdom were actually working for Chinese intelligence marks a new escalation on the international ransomware front, especially as other international partners, from the U.K., Australia and Japan to the European Union and NATO, joined in the condemnation.

      Earlier this year, I had hopes that our global ransomware problem was improving, not worsening. Despite highly publicized stories of ransomware attacks during the pandemic last year, new independent research found that the number of ransomware attacks from 2017 to 2020 had actually been declining, rather than increasing.

      But looking at the landscape of 2021 ransomware attacks – from Colonial Pipeline to Kaseya to the alleged DearCry and Black Kingdom hacks from China – it’s clear that whatever ransomware attacks have lost in quantity, they’ve more than made up in quality.

      Ransomware isn’t just getting worse; it’s becoming a full-blown international crisis.

      Blurring the lines between nation-states and private ransomware groups

      That ransomware has become such a crisis is a testament to how much harder attacks have become to detect and thwart. That’s because the attacks themselves have become significantly more sophisticated, with private ransomware organizations beginning to mimic the tactics, techniques, and procedures (TTPs) of nation-states – or nation-states directly putting these hackers onto their payroll.

      As a result, more mature TTPs that we’d previously seen used predominantly by nation-states – exploiting zero-day vulnerabilities, launching in-memory attacks, targeting supply chains and distribution points – have become more widespread among attackers of all stripes. And naturally, the more ransomware attackers there are using sophisticated TTPs, the easier it is for these ransomware attacks to successfully infiltrate their targets.

      4 key pillars for a global anti-ransomware strategy

      The escalating threat of ransomware – both in the nature of the attacks and the origin of the attackers themselves – demands an escalating response from businesses and governments around the world.

      Taking the wind out of ransomware’s sails comes down to four major countermeasures:

      • An international response: Many cybercriminal groups live in countries where their local governments will neither pursue them with criminal charges nor extradite them to countries that will. That’s to say nothing of the nation-states themselves, which may have some of these hackers on their government payroll. As long as certain corners of the globe are harboring, or even outright facilitating, ransomware attacks, the international community in turn needs to combat that with a unified response. The statements on ransomware that came out of the White House, G-7 and NATO summits earlier in the year were a good first step; the international condemnation of Chinese cybercriminals in the DearCry and Black Kingdom attacks builds upon that. But there needs to be a consistent and strong diplomatic effort in condemning nation-state ransomware attacks, with real enforcement behind that condemnation. Ransomware deserves a global response, and one that’s more than just a strongly worded letter.
      • Pairing anti-ransomware software with human-led threat hunting: Simply installing anti-ransomware technology, like endpoint protection, is not enough. Defensive technologies need to be complemented with human experts who are able to proactively monitor and hunt for threats, detecting the red flags that more automated approaches might miss. If an organization doesn’t have these capabilities in-house, they should consider partnering with a security operations center that does.
      • Good IT hygiene: This is a basic one, but it remains essential in large part because so many organizations still aren’t practicing it. Key IT hygiene measures include:
        • Training employees so they know how to identify phishing attacks and to whom they should report those attacks.
        • Securing any unprotected internet-facing interfaces.
        • Installing two-factor or multifactor authentication across the corporate network.
        • Backing up critical data and systems to separate networks or off-site locations.
      • Don’t pay the ransom: I know this is a hard call, and it’s easy when you’re not the one being extorted to say, “oh, just don’t pay the ransom.” But the truth is, paying the ransom doesn’t help anyone. Paying ransoms incentivizes future ransomware attacks by making it a profitable business for attackers. And it doesn’t necessarily win back an organization’s data, either, which is the whole reason you’d pay to begin with. On the contrary: more than 90% of organizations who do pay the ransom end up not getting all of their data returned. In fact, many ransomware victims who pay don’t get back any of their data, period. Organizations are more likely to restore their data from their own backups than to get them back from paying off attackers.
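      The following Python script is an added, constructed example; it is not part of the original article and is not Sophos tooling. It shows one concrete way to act on the backup advice above and on the point that restoring from your own backups beats paying: keep a SHA-256 manifest of the backup set on a separate network or off site, then verify any restored or production tree against that manifest so that files ransomware has overwritten, renamed or dropped in are caught before the restore is trusted. The directory layout, file names, contents and the ransom-note name are invented for the demonstration.

```python
"""Added example: verify a restored (or live) file tree against a SHA-256
manifest of a known-good backup, so that files ransomware has overwritten
or renamed are detected before the restore is trusted.

The manifest must be stored with the backup on a separate network or off
site; a manifest kept on the production file server can be encrypted or
altered along with the data it describes."""
import hashlib
import os
import tempfile
from pathlib import Path
from typing import Dict, List


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large backup sets do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Map every regular file under root (POSIX-style relative path) to its SHA-256."""
    return {
        path.relative_to(root).as_posix(): sha256_file(path)
        for path in sorted(root.rglob("*"))
        if path.is_file()
    }


def verify_tree(root: Path, manifest: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare the tree under root with a trusted manifest.

    modified:   present in both, but the content hash differs (e.g. encrypted in place)
    missing:    listed in the manifest but absent (e.g. renamed with a ransom extension)
    unexpected: on disk but not in the manifest (e.g. the renamed file, a ransom note)
    """
    current = build_manifest(root)
    return {
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in current),
        "unexpected": sorted(p for p in current if p not in manifest),
    }


def is_clean(report: Dict[str, List[str]]) -> bool:
    """A restore is only trustworthy when every category is empty."""
    return not any(report.values())


def demo() -> Dict[str, Dict[str, List[str]]]:
    """Constructed scenario with invented files: snapshot a clean tree, confirm it
    verifies, then simulate ransomware (overwrite one file, rename another, drop a
    ransom note) and show the verification catching each change."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "finance").mkdir()
        (root / "finance" / "ledger.csv").write_text("account,amount\n1001,250.00\n")
        (root / "procedures.txt").write_text("quarterly close checklist\n")

        manifest = build_manifest(root)          # this copy belongs off site
        clean_report = verify_tree(root, manifest)

        # Simulated ransomware behaviour on the production copy (invented names).
        (root / "finance" / "ledger.csv").write_bytes(os.urandom(64))
        (root / "procedures.txt").rename(root / "procedures.txt.locked")
        (root / "README_TO_RESTORE.txt").write_text("contact us to buy the key\n")

        tampered_report = verify_tree(root, manifest)

    return {"clean": clean_report, "tampered": tampered_report}


if __name__ == "__main__":
    result = demo()
    print("clean tree verifies:", is_clean(result["clean"]))
    for category, files in result["tampered"].items():
        print(f"{category:>10}: {files}")
```

      In practice the manifest would be written out (JSON is enough) next to the backup on the isolated network, and verify_tree run against a restored tree before it is put back into service. A clean result proves the restore matches the backup, not that the backup was taken before the intrusion; that is what backup retention and dated manifests are for.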

      The ransomware crisis is getting worse, and new allegations of Chinese state-sponsored cybercriminals attacking U.S. businesses with ransomware are proof of the darker turn this trend is taking. But the combination of a coordinated global response (with real enforcement around that response), human-led threat hunting combined with anti-ransomware technology, organizations practicing basic IT hygiene, and a refusal to pay attackers can all help to start finally turning the page on this crisis.

      About the Author: 

      Dan Schiappa is the chief product officer at Sophos. 
