Hi All
It appears in 2021, we are going to have a monster challenges, keeping up with the Ransomware attackers, but also detecting and eliminating them as quickly as possible.
Regards
Caute_Cautim
To me encrypting data faster does not seem like it would be a benefit to the bad actors because slowly randomly encryption would be harder to detect and require better backups to recover the data. This being of course on system that are backed up as they should be. Looking at the other side of things where companies pay so the data is not release would not be affected by this but there needs to be much better monitoring of the exfiltration of data.
John-
The key is to be quicker on your basic security hygiene, as attackers are often exploiting things that are an easy fix. At least that's what our red team exercises have revealed. The last ransomware attack I had a hand in cleaning up exploited a vulnerability for which a patch had been issued in the last 7 days, but which was still in testing prior to deployment. We moved to patching within a 5 day windows and pushed out patches even if we couldn't fully test them, as the alternative was widespread downtime. Sometimes the least worst option is the one you have to go with.
@JKWiniger Perhaps the answer lies in always encrypting all data and only handing out keys to completely verified and authorised users only i.e. Full Homomorphic encryption for instance?
Then they the attackers would have to attack the central authority to obtain the keys to the kingdom, but they time they have done that perhaps their access will have been withdrawn - but they will keep attempting to gain access?
Regards
Caute_cautim
@Steve-Wilme I agree in part, however, unfortunately like many organisations, they act as islands in the sea. Whereas the bad guys are really getting good at sharing, and collaborating and working at it with proxies and joint ventures - we simply have to get smart and work out exactly what are we failing to do, and change accordingly our behaviour within legitimate organisations.
Alone, as islands we will all definitely fail, in all probability the speed, the use of the AI tools together with smart innovation and the flexibility to move quickly, whereas others are still patching - perhaps automation processes and orchestration is the key to solving this. Removing the human factor to a degree and increase efficiencies and effectiveness. Then it may become a robot vs robot situation?
Regards
Caute_cautim