Dealing with attacks in the Ransomware-as-a-Service era

Addressing Ransomware in Organizations and Application Security

[For an attacker], where there’s an absence from technical protection, there’s always the presence of human error.

• KEN JOHNSON (@cktricky)

Ransomware is everywhere! The international news regarding the May 2021 ransomware attack on Colonial Pipeline and the subsequent service shutoff affecting consumers throughout the U.S. southeast put launched ransomware into headlines and general awareness. Seth and Ken reflect on the topic in this episode, and, with contributions from some Absolute AppSec Clack community members, discuss the increasing frequency of ransomware-style attacks. Even when the exploits don’t receive headlines with the notoriety of colonial pipeline, it’s evident that ransomware is a problem that isn’t going away.

In a wide-ranging discussion on the topic, Seth and Ken providing historical overviews of security responses to the ransomware class of attacks as well as some basic security hygiene tips which can help an organization counteract the worst effects of ransomware.

The need to introduce redundancy in your system operations and to design the security of your infrastructure with pre-mortem attack exercises were the two main points raised during discussion.

Redundancy is one of the main avenues organizations use for preventing ransomware attacks. If [an attacker] does get in (just assume that inevitably someone is going to click on a link), the attacker is going to encrypt the data on a file share. You need to (1) identify that attack, and (2) restore the system to a known good point before the encryption happened.

• SETH LAW (@sethlaw)

According to Ken, ransomware, when addressed a decade ago, faced a security point-of-view that aimed to prevent attacks with a tough exterior defense. Once that exterior defense were breached, there were no planned-for interior defenses, and attackers could feast on the gooey insides of security infrastructures. Pre-mortem planning reflects an evolution in security planning for ransomware. Security planners now assume attackers can find a way in, so organizations need to strategize their responses when the inevitable happens.

To catch up on more of Ken and Seth’s discussion, check out the rest of this episode here on youtube, or search for Absolute AppSec on your preferred podcast service.