
The Best Way to Defend against Ransomware Attacks is through "Comprehensive Prevention"

2021.10.01 Product Management

In the early days, ransomware was usually delivered by Trojans that were untargeted and spread randomly. It got onto the victim's computer when files were downloaded from the Internet, or through system vulnerabilities. In the past, most victims were ordinary people, who usually dealt with it by quietly paying a ransom of about $1,000 in exchange for unlocking their computers. As the cyber threat landscape has changed, the targets have shifted from individuals to enterprises, and the attack methods have changed from random intrusions to targeted intrusions. This is called a targeted ransomware attack.

Ransomware attacks exploded in 2019 and show no signs of slowing down

In recent years, the attack situation has changed significantly, and targeted ransomware has emerged. The victim is chosen before the attack is launched, and most targets are large enterprises. Hackers usually do not encrypt a computer immediately after intrusion; instead they find ways to obtain the highest level of system access rights and then install ransomware on all computers in the company at once. When the time comes, all computers are encrypted and the company is paralyzed. A single ransom demand can be as high as 50 million US dollars.
With the rise of cryptocurrency, hacker groups have used cryptocurrency centers to hide illegal cash flows from tracing. This behavior has become more and more rampant, and has even prompted the US government to take the initiative in combating ransomware, with stronger cryptocurrency regulation as one of its measures. In addition, the Ransomware as a Service (RaaS) business model, a non-mainstream service that has circulated on the Internet in recent years, has emerged and attracted more criminal groups to launch extortion attacks.
In May this year, the blockchain research organization Chainalysis released "Report on Major Incidents of Ransomware in 2021", noting that 2019 was the key year in the rapid growth of ransom payments. From an average ransom of US$6,000 in the first quarter of 2019, the average ransom payment reached as high as US$54,000 by the first quarter of 2021. This growth is astonishing, especially in the first quarter of 2021, when high-tech industries were targeted by hacker groups. For example, in 2021 REvil successfully hacked into Acer and Quanta, and the attackers demanded an exorbitant ransom of US$50 million. Whether or not the companies paid in the end, demands for huge ransoms seem to have become the norm.

Table 1. Average known extortion payment amounts by quarter. Source: Chainalysis Insights

Preventing attacks is like preventing epidemics: only "comprehensive prevention and blocking" works

Most enterprise software, hardware and network environments are deployed for office work rather than to resist external network attacks, whereas hacker groups' tools are built for the purpose of attack. Once an enterprise is targeted, the hackers will usually keep attacking until they successfully get in and then blackmail the enterprise, which is very difficult to prevent. How to build a dense protective wall around the enterprise's internal and external systems is the key point of defense that enterprises need to consider. TeamT5 recommends that enterprises adopt the concept of "comprehensive prevention and blocking" and set up layers of protection within the enterprise, so that prevention, detection and blocking are effective at every link. With security deployed this way, even if some defense layers are breached, the system's other protection mechanisms can quickly take over the defense and the enterprise keeps operating. Just like epidemic prevention, "comprehensive prevention and blocking" must include isolation and observation, symptom monitoring, preventing transmission, rapid response and isolation of confirmed cases; all of these are indispensable.

Exclusive artificial intelligence engine to monitor new deployed programs

TeamT5's new-generation ThreatSonar Anti-Ransomware, a threat identification, analysis and response platform, provides APT (Advanced Persistent Threat) threat identification and protection and has been updated with comprehensive capabilities against ransomware attacks.
The solution uses our exclusive artificial intelligence engine to identify suspicious or new external programs. Using isolation and permission control, it starts from zero trust and gradually raises the trust value of a new external program, just like COVID-19 epidemic prevention for foreign visitors, who must complete a 14-day quarantine before they actually set foot in the country. It acts as the first line of cyber defense for enterprises.

Figure 1. ThreatSonar Anti-Ransomware artificial intelligence engine

Double protection, instant automatic blocking

For the encryption stage of a ransomware attack, ThreatSonar Anti-Ransomware provides dual protection: application control and ransom traps. Its exclusive artificial intelligence engine can determine which applications should open which types of files; document files, for example, are usually opened by document editing programs. If an abnormal program attempts to access a document file, the system automatically detects it and blocks it immediately. In addition, ThreatSonar Anti-Ransomware deploys many disguised files as traps. When a malicious program tries to open such a file, it is also detected and the malicious program is forcibly terminated.
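The two checks described above can be sketched as detection logic over file-access events. This is an added example, not ThreatSonar's code: the policy table, decoy path, event format and verdict strings are all assumptions made for illustration, and the sample events are constructed.

```python
"""Added illustration: application control plus decoy-file traps."""
from pathlib import PureWindowsPath

# Assumed policy: which programs normally open which document types.
# Matching on image name alone is spoofable; a real control would also
# verify the binary (signature or hash). Kept simple for illustration.
ALLOWED_OPENERS = {
    ".docx": {"winword.exe"},
    ".xlsx": {"excel.exe"},
    ".pdf": {"acrord32.exe", "msedge.exe"},
}
# Assumed decoy (trap) file planted among real documents, stored lowercase.
DECOYS = {r"c:\users\alice\documents\~budget_2021.xlsx"}


def evaluate(events):
    """Return one (pid, verdict) per event; a pid that trips a rule stays blocked."""
    blocked_pids = set()
    verdicts = []
    for pid, image, path in events:
        target = PureWindowsPath(path.lower())  # Windows paths are case-insensitive
        exe = PureWindowsPath(image.lower()).name
        if pid in blocked_pids:
            verdict = "blocked:terminated"   # process was already stopped
        elif str(target) in DECOYS:
            verdict = "blocked:decoy"        # nothing legitimate opens a trap file
        elif target.suffix in ALLOWED_OPENERS and exe not in ALLOWED_OPENERS[target.suffix]:
            verdict = "blocked:app-control"  # unexpected opener for this file type
        else:
            verdict = "allowed"
        if verdict.startswith("blocked"):
            blocked_pids.add(pid)
        verdicts.append((pid, verdict))
    return verdicts


# Constructed sample events: (pid, process image, file opened).
SAMPLE_EVENTS = [
    (1010, r"C:\Program Files\Office\WINWORD.EXE", r"C:\Users\alice\Documents\report.docx"),
    (2020, r"C:\Users\alice\AppData\Local\Temp\upd.exe", r"C:\Users\alice\Documents\notes.txt"),
    (2020, r"C:\Users\alice\AppData\Local\Temp\upd.exe", r"C:\Users\alice\Documents\~Budget_2021.xlsx"),
    (2020, r"C:\Users\alice\AppData\Local\Temp\upd.exe", r"C:\Users\alice\Documents\notes.txt"),
    (3030, r"C:\Tools\conv.exe", r"C:\Users\alice\Documents\report.docx"),
]

if __name__ == "__main__":
    for pid, verdict in evaluate(SAMPLE_EVENTS):
        print(pid, verdict)
```

The second event shows why the trap matters: a file type outside the application-control policy passes, and the unknown process is only stopped once it touches the decoy.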

Encrypted! But We Can Do File Restoration

In addition to blocking ransomware attacks, ThreatSonar Anti-Ransomware's exclusive technology can also detect hackers' malicious destruction of backups, effectively protecting important files and data to ensure that companies can successfully restore files.

Figure 2. TeamT5’s exclusive technology effectively ensures that enterprises can successfully restore files

Master the intelligence and defeat the enemy first

Anti-terrorism and epidemic prevention have many things in common. What we are fighting is "people". A single solution usually has limited effect, because over time, even if it is effective, it will be bypassed. For example, we cannot rely solely on vaccines, because viruses continue to mutate, and hackers are human beings: they also adapt and change, constantly producing new attack methods and technologies.
TeamT5 has Asia's leading intelligence, continuously researches and tracks the latest methods of major ransomware groups, and effectively predicts future attacks. With this full understanding and continuous updates, TeamT5's latest-generation ThreatSonar Anti-Ransomware will be your best choice. Contact us now.
Contact for free consultation: https://teamt5.org/en/request-information/
