Breaking News

Herjavec Research says manufacturing firms were the biggest ransomware targets in the first half of 2021




Herjavec Research says manufacturing firms were the biggest ransomware targets in the first half of 2021

Companies producing manufactured goods were the biggest targets of ransomware attacks in the first half of the year, according to a new report by a Canada-based international managed services provider.

In a report released this week, the Herjavec group said that 39 percent of the victims listed on ransomware groups' data-leak websites in the first two quarters of the year largely fell into the manufactured goods category.

This was more than twice the number of technology firms and technology service providers (18 percent) listed. The third largest were the public sector and legal services organizations (16 percent), followed by firms in finance (11 percent), healthcare (six percent) and education (four percent).

The bulk of the report deals with brief profiles of the most common types of ransomware: Conti, Reville, Advadon, Cl0p, Darkside, DoppelPaymer, Babuk and Netwalker.

In an interview, Herjavec's senior vice president for managed services Adam Crawford said that CISOs should be aware that attacks from the two most common ransomware groups, Conti and Reville (also known as sodinokibi by some researchers) can no longer be carried out by anyone. are going. Keyboard instead of automation. This makes them a great challenge for the defenders.

Many variants of the ransomware share code similarities and strategy, techniques and procedures (TTP) related to older variants seen in 2020 and earlier, notes the report.

For example, Wizard Spider's Conti has many code similarities to its predecessor, Ryuk. However, criminal developers continue to innovate, including encrypting over multiple threads to achieve faster target extract times.

Another recently observed trend is the use of domain generation algorithms for command and control communications and common cloud platforms such as arclone for data exfiltration.

risk mitigation measures
The report also includes a list of ways that CISOs can reduce their organizations' risk of falling victim to ransomware.

The first is to deploy Microsoft Group Policy to restrict the software's ability to run from Windows %appdata% and temporary folders. These are typically used by malware because all users have the ability to predictably write to these locations, and permission cannot be restricted without affecting system function. However, it adds, there are some reasons why software must be installed or run from these directories.

"If the malware can't run," the report reads, "it can't do any harm."

Another recommendation is to restrict web browsing and email access by privileged users such as administrators, who are the main targets of attackers. These employees must have separate accounts for administration and daily computing.

When asked what organizations could do better to reduce the risk of falling victim to ransomware, Crawford listed three things:

Understand what their critical data assets are and protect them. Not every asset can be treated equally.
Make sure the backups are there and cannot be encrypted by the attacker.
Create a good business continuity plan that can be implemented quickly.

No comments