
Ransomware Attacks: A Quantum Leap from Quantity to Quality

By Tom Bain
August 2, 2018

The cybersecurity attack landscape moves fast, really fast. Last year, not a week passed without news of a new ransomware incident. Of course, ransomware’s very nature lends itself to newsworthy headlines, given how incredibly damaging to businesses this class of attacks can be.

Unlike other types of malware, which rely on stealth to infiltrate systems or quietly siphon off data untraced, ransomware boldly declares its intent. After the WannaCry outbreak, which leveraged the leaked NSA EternalBlue exploit, ransomware became a mainstream topic of conversation and a major concern.

Fast forward a year and by all accounts ransomware incidents are on the decline – by as much as 32% according to some reports. So should security practitioners check ransomware off their list of things keeping them up at night? Dig a little deeper and we see that, for enterprises, the ransomware threat is not going away anytime soon. While attack volume may have declined, ransomware attacks have evolved to be more sophisticated, targeted and effective against unsuspecting users and unprepared organizations.

As a recent example, let’s look at the March attack on the City of Atlanta. The SamSam ransomware used to attack the city’s IT infrastructure infiltrated the network, hiding its presence while it harvested credentials to spread to multiple computers before locking them up. The result was a mass shutdown of online city services and an estimated cost of at least $2.6 million in clean-up and response.

The New Face of Ransomware

For a better understanding of why ransomware isn’t going away anytime soon, we only have to look at the newest ransomware on the scene, GandCrab.

GandCrab first appeared in January and has already gone through multiple iterations, with new versions released as soon as a decryptor is developed. The cybercrime group behind GandCrab uses a partnership ransomware-as-a-service (RaaS) approach, focusing its efforts on development and taking a cut of the proceeds rather than running campaigns itself. It’s been estimated that over 50,000 victims were infected by GandCrab by the end of Q1, netting its criminal distributors over $600,000.

Another RaaS newbie, DBGer (formerly Satan), regularly adds new exploits to its bag of tricks including the infamous EternalBlue. Recently it received an upgrade to include capabilities that allow it to move laterally through the network, ensuring maximum damage for the buck.

How Can Organizations Protect Themselves?

The first rule of course is backup, backup, backup. While it won’t prevent an attack, it can minimize the damage.

In addition, end-user education on cyber safety can go a surprisingly long way. Phishing emails remain the number one delivery mechanism for ransomware. The ransomware attack on the Lansing Board of Water and Light in Michigan, which forced the utility to shut down its accounting system, email service and phone lines, succeeded because a single employee opened an attachment to a phishing email.

Education, however, only goes so far when an email purports to be from someone you know or an exploit kit hides in a banner ad on a legitimate website. A defense-in-depth strategy is crucial.

Unfortunately, when it comes to ransomware, most security solutions have proven fairly ineffective. Many victims of ransomware are running fully-updated antivirus engines alongside anti-exploit and/or HIPS engines at the time they get hit. Signature-based solutions simply can’t keep up with the pace of new malware variants, especially when polymorphic code can generate a new signature as quickly as every 15 or 20 seconds.

By contrast, behavioral detection tools analyze a file’s behavior, often using machine learning, to compare and identify ransomware. Although these are more effective against new variants than static detection, they still can be evaded by various techniques and come with their own set of problems, including false positives and resource-intensive updating and monitoring.

Most significantly, both static and behavior-analysis solutions fail to detect ransomware and protect against it today for one main reason: many ransomware variants are fileless, injecting malicious code into legitimate operating system services like Windows PowerShell.

It’s important to remember that ransomware is the last part, the payload, in an attack kill chain. The real question is how to stop the initial exploit. You need a deterministic, powerful threat prevention technology that doesn’t require prior knowledge or indicators and that eliminates any hope of a targeted threat executing.

One method is to reduce or obfuscate the attack surface itself so that target vulnerabilities cannot be found. For example, newer technologies like moving target defense use counter-deception techniques to continuously and persistently change the target surface so the ransomware payload is never delivered.

Finally, don’t neglect to patch early and often. The SamSam attack on the City of Atlanta leveraged an unpatched server vulnerability that an internal security audit had warned about months before the attack occurred.

KEYWORDS: cyber risk management cyberattack data breach ransomware


About the Author: Tom Bain is Vice President of Security Strategies and Marketing for Morphisec. He has more than 15 years of experience with leading IT security organizations, including leading strategic go-to-market, analyst, market research, communications, digital marketing, demand generation and partner marketing.
