Ransomwhere? All the ways that cybercriminals are advancing their craft

By Shay Siksik

May 12, 2022

In 2020, 10% of all breaches included ransomware. This doubled the following year, according to the 2021 Verizon Data Breach Investigations Report. Approximately 37% of global organizations said they were the victim of some form of a ransomware attack in 2021, according to IDC’s 2021 Ransomware Study. And the FBI’s Internet Crime Complaint Center reported 2,084 ransomware complaints between January 1 and July 31, 2021. That represents a 62% year-over-year increase.


The hybrid cloud problem

Hybrid cloud architecture may provide a great computing environment, but it is also a goldmine for intelligent hackers. They can exploit security gaps to obtain an initial foothold in the network and then move laterally between on-premises and cloud applications to wage a highly damaging ransomware campaign. They don’t even necessarily need additional vulnerabilities to make the jump to the cloud, because so many legitimate cloud configurations allow them to do so: for example, an access key found on a developer’s workstation.


For an attack to be successful, hackers only need to uncover one of the following:

• Vulnerabilities: environments that have already been exploited, and sometimes even patched afterwards, but where attackers retain the access they gained
• Misconfigurations: configuration errors that let attackers exploit the environment and stage later man-in-the-middle attacks
• Poor security hygiene: if attackers can compromise an IT employee’s machine, they can harvest credentials from it and move laterally through the network
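The access-key scenario above (a long-lived cloud key sitting on a developer’s workstation, which turns one compromised machine into cloud access with no further vulnerability needed) is something a defender can check for directly. The following Python is an added example written for this article, not code from the author or from XM Cyber. It scans constructed sample files for AWS-style access key IDs, distinguishes long-lived user keys (AKIA prefix) from temporary STS keys (ASIA prefix), and flags whether the paired secret is stored alongside the key. The file contents and key values are invented; the secret value is the placeholder AWS uses in its own documentation.

```python
"""Credential hygiene check (added example): find cloud access keys left on
developer workstations, the artifact that lets an attacker jump from on-prem
to the cloud without needing another vulnerability."""
import re
from dataclasses import dataclass

# AWS-style access key IDs: AKIA... are long-lived IAM user keys, ASIA... are
# temporary (STS) keys that expire on their own. The prefix convention is
# AWS's documented format; every value below is constructed, not a real key.
ACCESS_KEY_RE = re.compile(r"\b(A(?:KIA|SIA)[0-9A-Z]{16})\b")
# A secret access key assigned in the same file (credentials file or an
# exported environment variable): 40 base64-like characters.
SECRET_RE = re.compile(r"(?i)aws_secret_access_key\s*[=:]\s*([A-Za-z0-9/+]{40})\b")

# Constructed sample files (hypothetical paths and contents).
SAMPLE_FILES = {
    "/home/dev/.aws/credentials": (
        "[default]\n"
        "aws_access_key_id = AKIAEXAMPLEKEY000001\n"
        "aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
        "\n"
        "[temp]\n"
        "aws_access_key_id = ASIAEXAMPLETEMP00002\n"
        "aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
        "aws_session_token = EXAMPLE-SESSION-TOKEN\n"
    ),
    "/home/dev/projects/deploy.sh": (
        "#!/bin/sh\n"
        "export AWS_ACCESS_KEY_ID=AKIAEXAMPLEKEY000003\n"
        'export AWS_SECRET_ACCESS_KEY="$(pass show aws/deploy)"\n'
        "aws s3 sync ./build s3://example-bucket\n"
    ),
    "/home/dev/notes.txt": "Remember to rotate keys quarterly.\n",
}


@dataclass
class Finding:
    path: str
    line_no: int
    key_id: str
    long_lived: bool      # AKIA user key (True) vs. ASIA temporary key (False)
    secret_present: bool  # paired secret stored next to the key id


def scan_text(path, text, window=3):
    """Find access key IDs in `text`; look `window` lines ahead for the paired secret."""
    findings = []
    lines = text.splitlines()
    for i, line in enumerate(lines):
        for m in ACCESS_KEY_RE.finditer(line):
            key = m.group(1)
            nearby = "\n".join(lines[i:i + window + 1])
            findings.append(Finding(
                path, i + 1, key,
                long_lived=key.startswith("AKIA"),
                secret_present=SECRET_RE.search(nearby) is not None,
            ))
    return findings


def scan_files(files):
    """Scan a mapping of path -> file contents (in practice: files read from disk)."""
    findings = []
    for path, text in files.items():
        findings.extend(scan_text(path, text))
    return findings


def summarize(findings):
    """Triage counts: a long-lived key stored with its secret is the worst case."""
    return {
        "long_lived_with_secret": sum(1 for f in findings if f.long_lived and f.secret_present),
        "long_lived": sum(1 for f in findings if f.long_lived),
        "temporary": sum(1 for f in findings if not f.long_lived),
    }


if __name__ == "__main__":
    results = scan_files(SAMPLE_FILES)
    for f in results:
        kind = "LONG-LIVED" if f.long_lived else "temporary"
        secret = "secret stored alongside" if f.secret_present else "secret not inline"
        print(f"{f.path}:{f.line_no} {f.key_id} [{kind}, {secret}]")
    print(summarize(results))
```

On a real workstation the same scan would walk the home directory, shell history and project folders; the triage output is what matters for the article’s point, since a long-lived key with its secret on disk is exactly the shortcut from on-prem foothold to cloud account that the text describes, and the fix is to replace it with short-lived, role-based credentials.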


Even worse, ransomware is evolving every day, keeping IT leaders on their toes and challenging them to adapt their responses. Mass attacks are giving way to highly targeted incidents, and hackers have moved beyond mere databases to target AWS S3 public cloud storage buckets, compute resources (virtual machines), and other components that sit in the cloud. It’s important to understand the nuances and trends so that you can defend against them.


The difference between ransomware and ransoms

We’ve seen ransom in the form of extortion for hundreds of years — long before cybersecurity was around. Ten to 15 years ago, we saw ransom campaigns against individuals that extorted money to prevent DDoS attacks. But then ransomware hit, and we were subject to multiple malware variants. Now, we are seeing attackers who breach enterprise networks via phishing emails or some other simple method, then use vulnerabilities and misconfigurations to pivot their way through the network, both on-prem and into the cloud, until they find the critical assets. And by then, it’s too late.


These new attacks are not ransomware in the traditional sense; in other words, they do not involve a hacker designing a piece of malware to infect your entire organization. As such, there are different terms tied to these campaigns, such as ‘software exploits’ and ‘cracked passwords.’ Imagine an attacker gaining control of an AWS account’s permissions via a hacked password, as opposed to using malware to infect the organization and lock out its resources. Simply gaining access to account permissions isn’t ransomware; it’s extortion with a ransom attached to it.


Differentiating between real ransomware and cloud or DDoS ransom is essential. By not understanding the nuances, organizations frequently request ransomware tests and exercises for their environment with no understanding of what it means. Are they talking about specifically dropping a piece of malware on an endpoint? Or finding all of the different ways their critical assets could be breached and held for ransom? Typically it’s the latter, and that differentiation needs to be made.


Ransomware is becoming a more sophisticated industry

As ransomware has evolved, it is no longer a one-person job. It has become a more mature industry, with actors who think of attacks as their business.


The process has also evolved into multi-pronged exploitation. If an attacker is able to secure the right credentials on-prem, they can get access to the cloud to conduct advanced persistent threats. Once they’re inside the environment, they can lurk there for days or even weeks to access as many components as possible and maximize the ransom demand. 


Take the Colonial Pipeline attack, for example: once hackers gained access to the system, they conducted stealth reconnaissance while laying the groundwork for a wide-scale assault. It began with access to a directory account, then moved to a VPN, then finally moved laterally to critical assets before holding those for ransom. 


Sure, a customer database might be worth some ransom money, but once attackers have established control of the environment, they can wait and gain access to more components that allow them to request 5x, 10x or more than what they could’ve requested just for the database. The Colonial Pipeline attackers were able to request significantly more in ransom than they would have if they’d jumped once they had access to the directory account. 


In other extreme scenarios, entire organizations have gone dark due to both their IT and OT systems being completely compromised.


Triple extortion ransomware: The third-party threat

Prominent attacks that took place last year also point to a new attack chain — essentially an expansion of the double extortion ransomware technique of exfiltrating a victim’s sensitive data in addition to encrypting it. Now, attackers are integrating an additional, unique threat into the process — Triple Extortion.


Not only are hackers demanding money from the companies they breach, they’re also now extorting those companies’ customers. For example, hackers who breach your health insurance company could demand payment from the business and then turn around and email you directly, stating that they will release your credit card details and medical history if you don’t pay a ransom. 


The Ransomware Remedy: Modeling attack paths

One proven way of defending against these evolving attacks and ominous triple extortion ransomware is by modeling attack paths. An attack path is a visual representation of all the vulnerabilities, misconfigurations, user privileges and actions that chain together to provide attacker access through a company’s network. For example, let’s say an adversary gains an entry point into your system by exploiting a weak password. Once they get a foothold, they can then try to harvest credentials and move through the system by exploiting access privileges and network access, eventually moving towards a critical asset, which is then exfiltrated or otherwise compromised.


By viewing your network through the eyes of the attacker, you are able to see all existing attack paths to your critical assets, identify the choke points where multiple attack paths converge, and take quick and simple remediation steps to eradicate the risk in the most cost-effective manner, so that even if an attacker breaches your network, your ‘crown jewels’ cannot be compromised.
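The two paragraphs above describe attack paths as chains of exposures and choke points as the places where many paths converge. The following Python is an added example written for this article, not XM Cyber’s product code or the author’s own method. It models a small, invented hybrid environment as a directed graph whose edges are the exposures (weak password, reused service account, long-lived access key, over-privileged IAM role) that let an attacker step from one position to the next, enumerates every path from the internet to two critical assets, ranks intermediate nodes by how many paths cross them, and then simulates remediating the top choke point to show that all paths are cut. Node names and exposures are constructed for illustration.

```python
"""Attack path modeling (added example): enumerate attacker paths through a
hybrid environment and find the choke points where remediation pays off most."""
from collections import Counter, defaultdict

# Constructed environment (hypothetical; not taken from any real incident).
# Each edge: (from_node, to_node, exposure that enables the step).
EDGES = [
    ("internet", "vpn-gateway", "weak password on VPN account, no MFA"),
    ("internet", "web-app", "unpatched public web application"),
    ("vpn-gateway", "dev-workstation", "flat network, RDP reachable from VPN"),
    ("web-app", "dev-workstation", "service account password reused on workstation"),
    ("dev-workstation", "aws-account", "long-lived access key in ~/.aws/credentials"),
    ("dev-workstation", "domain-controller", "cached domain admin credentials"),
    ("domain-controller", "file-server", "domain admin controls file server"),
    ("domain-controller", "aws-account", "AD-federated role assumption"),
    ("aws-account", "s3-customer-data", "IAM role with s3:* permission"),
]
ENTRY_POINTS = {"internet"}
CRITICAL_ASSETS = {"s3-customer-data", "file-server"}


def build_graph(edges):
    """Adjacency list: node -> list of (next_node, exposure)."""
    graph = defaultdict(list)
    for src, dst, exposure in edges:
        graph[src].append((dst, exposure))
    return graph


def enumerate_attack_paths(graph, entry_points, critical_assets):
    """Every simple path (no repeated node) from an entry point to a critical asset."""
    paths = []

    def dfs(node, path, visited):
        if node in critical_assets:
            paths.append(list(path))
            return
        for nxt, _ in graph.get(node, []):
            if nxt in visited:
                continue
            visited.add(nxt)
            path.append(nxt)
            dfs(nxt, path, visited)
            path.pop()
            visited.discard(nxt)

    for entry in sorted(entry_points):
        dfs(entry, [entry], {entry})
    return paths


def choke_points(paths, entry_points, critical_assets):
    """Number of attack paths passing through each intermediate node.
    A node on every path is a true choke point: closing the exposures that
    lead into it severs all paths at once."""
    counts = Counter()
    for path in paths:
        for node in set(path) - entry_points - critical_assets:
            counts[node] += 1
    return counts


def exposures_into(edges, node):
    """The concrete exposures a defender must fix to deny an attacker this node."""
    return [exposure for _, dst, exposure in edges if dst == node]


def remediate(edges, node):
    """Simulate fixing every exposure that leads into `node` by dropping those edges."""
    return [e for e in edges if e[1] != node]


def main():
    graph = build_graph(EDGES)
    paths = enumerate_attack_paths(graph, ENTRY_POINTS, CRITICAL_ASSETS)
    print(f"{len(paths)} attack paths to critical assets:")
    for p in paths:
        print("  " + " -> ".join(p))
    ranked = choke_points(paths, ENTRY_POINTS, CRITICAL_ASSETS).most_common()
    print("Choke points (paths through node):")
    for node, n in ranked:
        print(f"  {node}: {n}/{len(paths)}")
    top = ranked[0][0]
    print(f"Exposures to fix at {top}: {exposures_into(EDGES, top)}")
    remaining = enumerate_attack_paths(
        build_graph(remediate(EDGES, top)), ENTRY_POINTS, CRITICAL_ASSETS)
    print(f"Paths remaining after remediating {top}: {len(remaining)}")


if __name__ == "__main__":
    main()
```

In this constructed graph every one of the six paths runs through the developer workstation, so the two exposures leading into it (RDP reachable over the VPN, a reused service-account password) are the cheapest fixes; closing only the VPN weak password, by contrast, leaves three paths intact through the web application. Real attack graphs are far larger and are built from inventory, vulnerability and identity data rather than a hand-written edge list, but the ranking logic is the same.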


Conclusion 

Ransomware is not going away; it will just continue to take on new forms. This is why developing a strong security posture across your hybrid-cloud networks must be a continuous effort. 


The first step is to understand that breaches are a fact of digital life. You will get hacked, so it is crucial that you find and remediate the security issues that put your critical assets at risk — before they are exploited. On the bright side, solutions are available to make the task easier. Using attack path management to shine a light on exposures is one of the strongest weapons you can have in your arsenal. It illustrates not only where you are vulnerable, but how hackers could exploit those exposures to pivot through your network until they reach your critical assets.

KEYWORDS: business continuity cyber security data breach ransomware risk management


Shay Siksik works as a Vice President, Customer Operations & Chief Information Security Officer at XM Cyber, which is a Security Software company with an estimated 110 employees; and founded in 2016. Siksik graduated from University of London in 2018 and is currently based in Herzliyya, Israel.
