FALLACY: Ransomware tactics have remained the same throughout the years.
Any cybersecurity professional who has spent at least a few years in the field has probably faced a ransomware infection. However, while ransomware itself isn’t new, the technology and tactics that attackers use increase in sophistication every year.
From a technology perspective, ransomware authors constantly shift their tactics to exploit new and emerging vulnerabilities. There’s a cat-and-mouse game afoot between system administrators, who rush to patch newly discovered vulnerabilities, and ransomware authors, who move on to the next attack technique as administrators apply those patches. As ransomware actors incorporate zero-day attacks into their arsenal, they are increasingly able to bypass firewalls and other defenses.
Attackers are also beginning to use different tactics when exploiting compromised systems. Older attacks relied on simple access-based extortion: pay the ransom, or you won’t regain access to your data. Modern attacks use “double extortion” approaches, in which attackers combine the loss of access to data with the threat of a data breach. Before encrypting the data, attackers copy it to their own servers and threaten to publicly expose sensitive information unless the victim pays the ransom.
FACT: Training users is an effective defense against ransomware.
Most ransomware infections begin with a simple mistake by an end user, such as clicking a malicious link or responding to a phishing email. Even the most sophisticated defenses may crumble when an authorized user unwittingly holds the door open for an attack.
Fortunately, training goes a long way in defending against these threats. Organizations that educate users about social engineering attacks and equip them with the tools to recognize and resist them find that they are much less likely to fall victim. Security firm KnowBe4 found that organizations that conduct regular anti-phishing exercises can lower their risk by more than 80 percent over the course of a year.