Ransomware attacks are now pointing towards a new trend called Ransomcloud, which we will try to explain today.
For five years we have been familiar with a word that surely has its place in your memory: ransomware. This type of attack, such as the famous “WannaCry”, drove half the world crazy in the spring of 2017, when a hacking sweep revealed huge amounts of data owned by major firms by massively breaching their IT security systems. These attacks, focused on what we might call “hardware”, are mutating as user trends change. In recent months, hackers or cyber-criminals have been targeting the multitude of data that companies and organisations migrate to their clouds. These are known as Ransomcloud-type attacks.
Although it may seem like a revolutionary technique, it follows the same method as the ones mentioned above. How do they get their hands on user data? Through a direct attack on the customers who sign up for cloud services. We will not be surprised to discover that this is done by means of a phishing attack, an incorrect service configuration, a DDoS attack and so on. In other words, Ransomcloud-type attacks are traditional methods applied to the new services that more and more users are signing up for and using. Once the attackers control our access data, they control the services we have signed up for and, therefore, our information in the cloud. It is also true that, on occasion, these Ransomcloud-type attacks directly target the synchronisation of machines with the cloud: they encrypt the data locally and let it synchronise with the cloud service, so that the copy in the cloud ends up encrypted as well. Quite a technological devil.
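The synchronisation case described above can be caught before the encrypted copies reach the cloud. The following is an added example, not part of the original article and not Ikusi's code: it flags a burst of files whose content goes from ordinary to near-random within a short window, which is the signal to hold synchronisation. The thresholds, function names and sample events are assumptions made for the illustration.

```python
import hashlib
import math
from collections import Counter, deque

ENTROPY_THRESHOLD = 7.5  # bits/byte; assumed cut-off for "looks encrypted"
BURST_COUNT = 3          # assumed: suspicious rewrites needed to pause sync
BURST_WINDOW = 60        # assumed: seconds in which they must occur

def shannon_entropy(data: bytes) -> float:
    """Byte-level Shannon entropy: about 4-5 for text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(before: bytes, after: bytes) -> bool:
    """True when a low-entropy file is rewritten as near-random bytes."""
    return shannon_entropy(before) < ENTROPY_THRESHOLD <= shannon_entropy(after)

def files_to_hold(events):
    """events: time-ordered (timestamp, path, bytes_before, bytes_after).
    Returns the paths of the first burst of suspicious rewrites, else []."""
    recent = deque()
    for ts, path, before, after in events:
        if not looks_encrypted(before, after):
            continue
        recent.append((ts, path))
        while ts - recent[0][0] > BURST_WINDOW:
            recent.popleft()
        if len(recent) >= BURST_COUNT:
            return [p for _, p in recent]
    return []

def fake_ciphertext(seed: bytes) -> bytes:
    """Constructed stand-in for encrypted content: 4 KiB of SHA-256 output."""
    return b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(128))

TEXT = b"Quarterly report: revenue, costs and forecasts for each region.\n" * 64

# Constructed sample events, not taken from any real sync client.
BURST = [
    (0, "notes.txt", TEXT, TEXT + b"one more line\n"),      # ordinary edit
    (5, "report.docx", TEXT, fake_ciphertext(b"a")),
    (9, "budget.xlsx", TEXT, fake_ciphertext(b"b")),
    (14, "plan.txt", TEXT, fake_ciphertext(b"c")),
]
SPREAD_OUT = [(t, f"archive{t}.zip", TEXT, fake_ciphertext(b"z")) for t in (0, 100, 200)]

if __name__ == "__main__":
    print("hold:", files_to_hold(BURST))
    print("hold:", files_to_hold(SPREAD_OUT))
```

Compressed archives and media are also high-entropy, which is why a single rewrite is not enough and the check requires several inside the window.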
What are Ransomware attacks, what are Ransomleaks and how do they differ from Ransomcloud attacks?
Ransomware is a type of computer attack whose aim is to compromise the security of a computer, manage to sneak inside and hijack the information stored on it, and then demand payment to recover the data and avoid collateral damage.
This type of attack has become the daily routine for thousands of companies, which in many cases do not have the necessary security measures in place to stop these cases. This puts the confidentiality of an incalculable volume of key company data at risk.
Let us now turn to the so-called Ransomleaks. Attacks of this type go a step further than the actual data breach; they are based on the extortion of victims through the publication of this data. Ransomleaks, which are really an extension of ransomware-type campaigns, copy the victim’s confidential data and encrypt it, denying the victim access to their own data. Once this happens, the attacker demands a ransom for the decryption. If the victim refuses to pay the ransom, the cyber-criminals threaten to publish the copied data on their leak websites. Every day, new organisations fall victim to this type of cyber-breach, as can be seen in the movements of the hacker group responsible for the Conti ransomware, which now has 320 victims and is the most active hacking group in this new form of ransomware.
How can we prevent such attacks?
In certain matters there is nothing better than having experts in the field such as Ikusi, a technology company with fifty years of experience and focused on the cyber-security and digitalisation of companies.
Threat Protect is the Ikusi solution that will help you provide all the security your company needs in the digital world, from protection to establish a secure protocol in the home office to the implementation of verification systems that will keep your company’s confidential information safe.
In short, it is a corporate cyber-security solution created to offer the necessary protection to any company that has corporate resources in the digital world.
Threat Protect protects information in the digital infrastructure, regardless of whether it is on fixed or portable computers, thanks to a hybrid system that works from the cloud with devices installed on each computer connected to your company’s network.
Threat Protect prevents
- Protects web browsing by proactively blocking any malicious addresses or resources.
- Protects e-mails.
- Protects your endpoints to secure your company’s computers.
Threat Protect detects
- Identifies and detects threats through continuous file checks.
- Logs all malicious domain resolution attempts in order to enforce security in all environments.
- Improves containment of traffic seeking command and control, thereby reducing the likelihood of a ransomware attack or data hijacking.
Threat Protect responds
- Offers services managed directly by the Ikusi security team, so that in the event of any incident you will have specialised assistance from the very first moment.
- Provides support from global cyber-threat intelligence platforms (FIRST).
- Provides an efficient response scheme that includes plans and simulations to react in the best way in case of any kind of attack.
How does Threat Protect deal with a cyber-threat or a Ransomcloud attack?
- Ikusi’s intelligence team looks for cyber-threats in online destinations.
- The first security filter provides online protection: it blocks malware, filters malicious content and displays requests to allow or deny the execution of applications.
- It generates a security report that can be consulted by the company or any partner at any time.
- The second filter offers protection for any endpoint: it prevents and detects threats and starts a continuous file scan for malware.
- If it detects threats, it blocks them before they hit.
- It performs advanced searches remotely, 7 days a week, 24 hours a day.
- It mitigates any ransomware attempt or malware execution.
- The third filter provides email protection: it blocks spam and any email that could compromise your company’s security (85% of all emails are spam).
- It reduces the likelihood of phishing and takes action to prevent information leakages for this and other reasons.
- It continuously inspects information for malicious code.
- The fourth filter provides a risk review of the infrastructure: this allows your company’s IT team to strengthen the elements necessary to reduce vulnerabilities.
- It mitigates any threat and offers personalised attention from the Ikusi managed services portal in the event that a threat gets through all the security filters.