Spicknspan
3 years ago
Global Surge in Ransomware Attacks: To pay or not to pay is not the only question
Guide for enterprises on how to prevent and deal with ransomware attacks
Check Point Research (CPR) recently revealed that the average weekly number of ransomware attacks has increased 93% over the past 12 months.
Every week, more than 1,200 organizations worldwide fall victim to a ransomware attack, and all enterprises without exceptions are at risk.
According to Cybersecurity Ventures, the damage caused by ransomware will reach approximately $20 billion this year, a 57-fold increase from 2015. By 2031, the cost of ransomware incidents could even surpass the hard-to-believe figure of $265 billion.
The number of ransomware attacks is growing for a simple reason, hackers are getting paid. The willingness to pay creates a dangerous loop and increases the motivation of attackers. Additionally, cyber risk insurance is becoming more common, so companies do not hesitate to meet the demands of cybercriminals, further exacerbating the problem.
The increase in attacks is also related to the availability of threats. Many hacker groups offer ransomware as a service, so anyone can rent this type of threat, including infrastructure, negotiating with victims or extortion websites where stolen information can be posted. The ransom is then split between the ‘partners’.
Yet, a ransomware attack often does not start with ransomware. It often starts with a ‘simple’ phishing email. In addition, hacker groups often work together. For example, in the Ryuk ransomware attacks, the Emotet malware was used to infiltrate the network, then the network was infected with Trickbot, and finally the ransomware encrypted the data.
How can enterprises even know if they have fallen victim of a ransomware attack and how should they react? If not caught on time, it’s relatively easy to find out, as organizations will get a message asking for a ransom and won’t be able to access the company’s data.
In addition, cybercriminals are constantly refining their techniques to increase the pressure to pay. Originally, ransomware “just” encrypted data and demanded a ransom to unlock it. The attackers soon added a second phase and stole valuable information before encryption, threatening to make it public if the ransom was not paid. Approximately 40% of all new ransomware families use data theft in some way in addition to encryption. In addition, we have recently seen a third phase where the attacked companies’ partners or customers are also contacted for a ransom, this is a new technique called triple extortion.
Check Point Software’s Incident Response Team, which has dealt with countless ransomware cases worldwide, recommends following these steps when a ransomware attack occurs:
1) Keep a cool head
If your organization falls victim to a ransomware attack, do not to panic. Contact your security team immediately and take a photo of the ransom note for law enforcement and further investigation.
2) Isolate the compromised systems
Disconnect infected systems from the rest of the network immediately to prevent further damage. At the same time, identify the source of the infection. Of course, as mentioned, a ransomware attack usually starts with another threat, and hackers may have been in the system for a long time, gradually covering their tracks, so detecting “patient zero” may not be something most companies can handle without outside help.
3) Beware of backups
Attackers know that organisations will try to recover their data from backups to avoid paying theransom. That’s why one of the phases of the attack is often an attempt to locate and encrypt or delete backups. Also, never connect external devices to infected devices. Recovering encrypted data may cause corruption, for example, due to a faulty key. Therefore, it may be useful to make copies of the encrypted data. Decryption tools are also gradually being developed that can help to crack previously unknown code. If you did have backups that haven’t been encrypted, check the integrity of the data before fully restoring.
4) No reboots or system maintenance
Turn off automatic updates and other maintenance tasks on infected systems. Deleting temporary files or making other changes could unnecessarily complicate investigations and remediation. At the same time, do not reboot systems, as some threats may then start deleting files.
5) Cooperate
In the fight against cybercrime, and ransomware in particular, collaboration is key. So contact law enforcement and national cyber authorities, and don’t hesitate to contact the dedicated incident response team of a reputable cybersecurity company. Inform employees of the incident, including instructions on how to proceed in the event of any suspicious behavior.
6) Identify the type of ransomware
If the message from the attackers does not directly state what type of ransomware it is, then you can use one of the free tools and visit the No More Ransom Project website, you may find a decryption tool just for your ransomware there.
7) To pay or not to pay?
If the ransomware attack is successful, the organization is faced with the choice of whether to pay the ransom or not. Either way, companies must go back to the beginning and find out why the incident occurred. Whether it was human factors or technology that failed, go through all the processes again and rethink the entire strategy to ensure that a similar incident never happens again. Taking this step is necessary regardless of whether an organization pays the ransom or not. One can never take comfort in the fact that somehow data recovery has occurred and consider the incident resolved.
So to pay or not to pay? The answer is not as simple as it first appears. While the ransom amounts are sometimes in the hundreds of thousands or millions of dollars, outages of critical systems often surpass these amounts. However, enterprises must remember that even if the ransom is paid, it does not mean that the data, or even part of it, will actually be decrypted. There are even known cases where attackers have bugs in the codes so that the organization cannot recover the data even if they wanted to.
Don’t rush into a decision and consider all your options carefully. Paying the ransom should really be the last resort.
How can you minimise the risk of being the next victim of ransomware?
Be extra vigilant on weekends and holidays. Most ransomware attacks over the past year have taken place on weekends or holidays, when organizations are more likely to be slower to respond to a threat.
Install updates and patches regularly. WannaCry hit organizations around the world hard in May 2017, infecting over 200,000 computers in three days. Yet a patch for the exploited EternalBlue vulnerability had been available for a month before the attack. Updates and patches need to be installed immediately and have an automatic setting.
Install anti-ransomware. Anti-ransomware protection watches for any unusual activity, such as opening and encrypting large numbers of files, and if any suspicious behavior is detected it can react immediately and prevent massive damage.
Education is an essential part of protection. Many cyberattacks start with a targeted email that does not contain malware, but uses social engineering to try to lure the user into clicking on a dangerous link. User education is therefore one of the most important parts of protection.
Ransomware attacks do not start with ransomware, so beware of other malicious codes, such as Trickbot or Dridex that infiltrate organizations and set the stage for a subsequent ransomware attack.
Backing up and archiving data is essential. If something goes wrong, your data should be easily and quickly recoverable. It is imperative to back up consistently, including automatically on employee devices, and not rely on them to remember to turn on the backup themselves.
Limit access to only necessary information and segment access. If you want to minimize the impact of a potentially successful attack, then it is important to ensure that users only have access to the information and resources they absolutely need to do their jobs. Segmentation minimizes the risk of ransomware spreading uncontrollably across the network. Dealing with the aftermath of a ransomware attack on one system can be difficult, but repairing the damage after a network-wide attack is much more challenging.
John-Knee
4 years ago
FireEye to Announce Fourth Quarter and Fiscal Year 2020 Financial Results on February 2, 2021
2021-01-06 04:00:15 AM ET (BusinessWire)
FireEye, Inc. (NASDAQ: FEYE), the intelligence-led security company, today announced that it will release financial results for its fourth quarter and fiscal year 2020 on Tuesday, February 2, 2021 after the close of the U.S. markets. FireEye will host a conference call the same day at 5 p.m. ET (2 p.m. PT) to discuss the results.
Interested parties may access the conference call by dialing 877-312-5521 (domestic) or 678-894-3048 (international). A live audio webcast of the call may be accessed from the Investor Relations section of the company's website at https://investors.fireeye.com. Shortly after the conclusion of the call, an archived version of the webcast will be available at the same website.
About FireEye, Inc.
FireEye is the intelligence-led security company. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant(R) consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber attacks. FireEye has over 9,600 customers across 103 countries, including more than 50 percent of the Forbes Global 2000.
John-Knee
4 years ago
FireEye Announces Acquisition of Respond Software
2020-11-19 01:01:01 PM ET (BusinessWire)
FireEye, Inc. (NASDAQ: FEYE), the intelligence-led security company, today announced the acquisition of Respond Software, the cybersecurity investigation automation company and creator of the Respond Analyst. The acquisition of Respond Software opens new market opportunities to deliver eXtended Detection and Response (XDR) capabilities to a broad set of customers. Additionally, it enables Mandiant(R) Solutions to further productize and scale its expertise and front-line intelligence as part of the Mandiant Advantage platform. The transaction closed on November 18, 2020 and is valued at approximately $186 million in cash and stock, exclusive of assumed unvested stock options.
The Respond Analyst is an XDR engine that accelerates cyber investigation and response by automating the correlation of multi-sourced attack evidence using cloud-based data science models that ingest data from a comprehensive set of security technologies. This technology will become a key part of the Mandiant Advantage platform, bringing vendor-agnostic XDR and investigation capabilities that integrates with any customer environment. Further, the combination of cloud-based correlation and intelligent data science models will be used in the delivery of Mandiant Managed Defense, speeding response times and providing better security outcomes for customers while scaling existing Managed Defense resources to protect more customers.
"With Mandiant's position on the front lines, we know what to look for in an attack, and Respond's cloud-based machine learning productizes our expertise to deliver faster outcomes and protect more customers," said Kevin Mandia, FireEye chief executive officer. "This creates a learning system with new capabilities that will enable us to expand our Mandiant portfolio and drive new XDR revenue through our Mandiant Advantage platform."
The Respond Analyst automates the investigation and triage of security data, at machine speed, with a level of depth and consistency unmatched by human analysis. Using a proprietary intelligent decision engine, the Respond Analyst provides built-in reasoning and judgment to make better decisions, faster without the expensive security engineering and professional services required of most security operations tools. The combination of Respond Software's XDR capabilities with deep, real-time knowledge of attacker tools and techniques derived from Mandiant frontline expertise and intelligence will enable customers to more quickly identify the weak signals of an attack, understand their adversary, and respond quickly to stop an attack before the adversaries are able to accomplish their mission.
"Customers rely on our XDR engine to investigate more alerts, at a deeper level, for far less cost than existing processes and tools," said Mike Armistead, Respond Software chief executive officer prior to the acquisition. "Respond's product dramatically reduces time spent investigating false positives as it connects the dots among siloed, multi-vendor security controls in an easy-to-deploy cloud-based package. Now coupled with Mandiant's world-class threat intelligence and incident response expertise feeding our models, customers can be confident the most up-to-date and relevant attack tactics and techniques are recognized and appropriately escalated. This results in more coverage, faster resolution of incidents, and ultimately, less risk at lower cost."
FireEye Announces Strategic Investment Led by Blackstone and Conference Call
In a separate release issued today, FireEye announced a $400 million strategic investment led by Blackstone Tactical Opportunities to support the company's vision to create the industry's leading intelligence-led cyber security platform and services company.
John-Knee
4 years ago
FireEye Announces $400 Million Strategic Investment Led by Blackstone
2020-11-19 01:01:01 PM ET (BusinessWire)
FireEye, Inc. (NASDAQ: FEYE), the intelligence-led security company, today announced a $400 million strategic investment led by Blackstone Tactical Opportunities to support the company's vision to create the industry's leading intelligence-led cyber security platform and services company. Blackstone will be joined by ClearSky a cyber security-focused investment firm, as a co-investor in the transaction. FireEye intends to use the proceeds to support strategic growth initiatives, including the acquisition of Respond Software announced today, as well as increased investment to accelerate the growth of the company's cloud, platform and managed services portfolio.
Under the terms of its investment, Blackstone and ClearSky will purchase $400 million in shares of a newly designated 4.5% Series A Convertible Preferred Stock of FireEye (the "Series A Preferred"), with a purchase price of $1,000 per share. The Series A Preferred will be convertible into shares of FireEye's common stock at a conversion price of $18.00 per share. The investment by Blackstone and ClearSky is subject to customary closing conditions. In conjunction with Blackstone's investment in FireEye, FireEye will appoint Viral Patel, Senior Managing Director at Blackstone, to its Board of Directors upon the closing of the transaction. Additional information regarding the investment and the Series A Preferred will be included in a Form 8-K to be filed by FireEye with the Securities and Exchange Commission.
"Blackstone and ClearSky have a track record of developing and supporting industry-leading cyber security companies. Their investment validates our vision and provides financial, operational and leadership resources to accelerate our strategy," said Kevin Mandia, FireEye chief executive officer.
Viral Patel, a Senior Managing Director at Blackstone, said: "Blackstone and FireEye have a shared vision of the unique role FireEye can play in addressing the increasingly sophisticated cyber security challenges their customers face. Intelligence and expertise are critical in delivering effective cyber security solutions, and FireEye is an industry leader in both. We are excited to partner with the company's board and management to accelerate execution on their vision."
John-Knee
4 years ago
FireEye to Announce Third Quarter 2020 Financial Results on October 27, 2020
2020-10-05 07:00:00 AM ET (BusinessWire)
FireEye, Inc. (NASDAQ: FEYE), the intelligence-led security company, today announced that it will release financial results for its third quarter 2020 on Tuesday, October 27, 2020 after the close of the U.S. markets. FireEye will host a conference call the same day at 5 p.m. EDT (2 p.m. PDT) to discuss the results.
Interested parties may access the conference call by dialing 877-312-5521 (domestic) or 678-894-3048 (international). A live audio webcast of the call may be accessed from the Investor Relations section of the company's website at https://investors.fireeye.com. Shortly after the conclusion of the call, an archived version of the webcast will be available at the same website.
About FireEye, Inc.
FireEye is the intelligence-led security company. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant(R) consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber attacks. FireEye has over 9,300 customers across 103 countries, including more than 50 percent of the Forbes Global 2000.
(C) 2020 FireEye, Inc. All rights reserved. FireEye and Mandiant are registered trademarks or trademarks of FireEye, Inc. in the United States and other countries. All other brands, products, or service names are or may be trademarks or service marks of their respective owners.
View source version on businesswire.com: https://www.businesswire.com/news/home/20201005005165/en/