Data Security and Ransomware Defense: Part 1

In 2021, cybersecurity authorities noticed a significant increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations globally. The FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) observed incidents involving ransomware against 14 of the 16 U.S. critical infrastructure sectors, including the Defense Industrial Base, Emergency Services, Food and Agriculture, Government Facilities, and Information Technology Sectors.

For Security Engineer Bill Fisher, working on solutions to mitigate cybersecurity threats, such as ransomware, is all in a day’s work at the National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE). Bill has worked at the NIST NCCoE for the past eight and a half years, primarily focusing on identity and access management. Recently, he has collaborated with the NIST ransomware team to help address some of the ransomware challenges that face our nation. The NIST NCCoE is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address businesses’ most pressing cybersecurity challenges. Through this collaboration, the NCCoE develops modular, easily adaptable example cybersecurity solutions using standards, best practices, and commercially available technology.

The goal of NextLabs’ Cybersecurity Expert Series is to gain insight from different cybersecurity experts to help create resources that are easy to understand. We sat down with Bill Fisher to gain some insight and spread knowledge on what ransomware attackers are trying to accomplish, how ransomware is distinct from other types of malware, and why ransomware is still so prevalent today. Read his insights below or watch the full Q&A video on our YouTube.

Q1: What are ransomware attackers trying to accomplish?

Ransomware attackers are really trying to accomplish one goal, which is to get you to pay the ransom. They’re not necessarily interested in sensitive data or getting intellectual property or figuring out how they’re going to sell things on after markets, on the dark web, anything like that. They’re really monetarily motivated and they just want to figure out how they can get you to pay a ransom. Because from a sort of cost benefit analysis, that’s the low hanging fruit.

Q2: How is ransomware different from other malware?

In the past, you might think of a data breach as something where you discover it, you then have time to investigate it, figure out, “Hey, what does this sort of suspicious traffic look like?” Or maybe I had some sort of hit on a signature or indicator of compromise. These things are typically data confidentiality type attacks. Ransomware attacks aren’t really like that — they’re more of a data availability attack, which means that they’re holding your data ransom, where you don’t have access to it in order to put pressure on the organization.

Q3: Ransomware has been around for a while now, what has put it back in the spotlight?

Attackers are really just getting more organized. You know, we’re even seeing things like ransomware groups hiring negotiators to help negotiate the ransoms to get better payouts. We’re seeing them do things like hire industry subject matter experts who know a given organization’s business and how they operate and helping them come up with a very reasonable ransom. What I mean by that, is a ransom high enough that you’ll still pay it, but not so high, that it doesn’t seem to make sense for you from a cost benefit analysis. So they’re trying to get really good at coming up with numbers for what they request in the ransom. We’re seeing things like ransomware as a service. These attackers are selling parts of an attack. So, if you already have access to an organization, you can go out and buy the ransomware or malware and leverage that. We’re also seeing impacts targeting managed service providers. So, for instance, the Kaseya attack that happened last year, that was a managed service provider and it was estimated that that affected some 1500 organizations.

So again, it’s a bang for your buck type of scenario for the attacker. How do I take the least amount of effort and risk and have the biggest amount of impact and chance of getting paid for the efforts?

This concludes Part 1 of the first episode of the NextLabs Cybersecurity Expert Series, Data Security and Ransomware Defense. In Part 2, Bill Fisher will cover mitigating ransomware risk and what resources NIST offers to help manage this risk. Stay tuned to learn more.

Discover more from NextLabs’ Expert Series, featuring industry experts in educational and thought-provoking conversations on Data-Centric Security, Zero Trust Architecture, Safeguarding AI, and more.
