Every few years a major threat emerges that dominates the attention of security vendors, start-ups, media and board meetings. APTs, IoT Security and Cloud Security are among such threats. Today, it is safe to say that Ransomware is dominating the conversation, especially after so many high-profile incidents have been part of the news cycle, such as Colonial Pipeline, CD Projekt Red, JBS and the Kaseya supply chain attack, as well as many stories of healthcare providers being victimized by such attacks.
What makes Ransomware different from the previous threats that were in the spotlight is that it doesn’t represent a capable new threat actor such as APTs or a jump in the attacks’ sophistication as in IoT security. Ransomware isn’t new, its delivery methods aren’t new, even demanding ransom isn’t new. The technical innovation presented in Ransomware incidents, encrypting files on a hard drive, can’t be considered very sophisticated. Yet, despite being a threat that we had many years to prepare for and protect ourselves from, Ransomware is incredibly popular because it works, and it is very profitable for the attackers.
With previous threats, the security industry faced the challenge of new technical capabilities emerging from threat actors, which required vendors to catch up. In the heyday of banking malware, its developers introduced innovative features such as HTML injections and Man-In-The-Browser, causing vendors to struggle to identify fraudulent activities. APTs proved to be a major threat because they were able to circumvent traditional cyber defence doctrines, which focused on the perimeter and had no “strategic depth” for detecting attackers after they were already in the systems. IoT and Cloud security required new approaches because the environments they aimed to protect were quite different from the environments that security solutions were designed for. Ransomware, on the other hand, has none of these challenges.