After a brief lull following the LockBit disruption earlier this year, ransomware attacks spiked again in the second quarter of 2024 and are showing no signs of abating. Extortion demands are likewise on the rise and making headlines for their audacious sums – a $75M ransom was paid in one recent case.
According to Sophos’ State of Ransomware 2024 report, the average ransom payment increased 500% in the previous year, from $400K to $2M. Moreover, the average cost of recovery from a ransomware attack reached $2.73M, an increase of almost $1M.
That ransomware victims continue to pay these ransoms speaks to the high-pressure, high-stakes threat of permanently losing access to their data. Attackers have been incentivized, and their targets are wide ranging, spanning telecommunications, finance and banking, transportation, healthcare and beyond.
Many ransomware victims are caught flat-footed with no response plan. It’s smarter to plan for an attack as if it’s inevitable, with a strategy in place to accelerate response time.
Urgent Challenges
In the rapidly evolving landscape of cyber threats, staying ahead of the game has never been more critical. The struggle to maintain a cohesive defense strategy is a daily challenge for any organization. For managed security service providers (MSSPs), the challenges imposed by evolving ransomware attacks are even more urgent.
As specialized security providers, MSSPs are expected to understand ransomware threats better than anyone. Succumbing to a ransomware attack waged on a client would be a major blemish on an MSSP’s brand.
To their advantage, MSSPs can quickly expand their ransomware protections across all end customers once the initial threat has been identified – if the MSSP acts quickly and has the right tools. If not, a high-pressure situation can quickly spiral out of control.
The Cognyte team witnessed this danger firsthand when a European MSSP partner recently faced a severe LockBit ransomware attack targeting one of its end customers, demanding a ransom of several hundred thousand dollars. This MSSP needed to react faster than its disparate tools would permit. A solution was needed ASAP, to be propagated across the MSSP’s full customer base.
Three Tools, Three Silos
The MSSP was using three separate systems to manage the digital risk protection (DRP) and external threat landscape of its end customers. Each system was responsible for a different aspect of their security: one for DRP, another for dark web monitoring, and a third for generic indicator of compromise (IOC) feeds. With this setup, whenever a threat emerged, the MSSP’s team had to open and configure alerts across all three systems, resulting in a cumbersome and inefficient process.
When the ransomware attack hit, the MSSP faced a flurry of alerts across these systems. Each alert required individual attention, and the sheer volume of information made it nearly impossible to get a clear picture of the situation.
The MSSP’s security team was overwhelmed, and despite the barrage of notifications, they lacked visibility into the relevant IOCs and were unable to efficiently correlate data across their disparate systems.
Clarity Through the Chaos
By deploying a unified external threat intelligence platform, the MSSP was able to consolidate DRP, dark web monitoring and intelligence-driven IOC feeds into a single view, transforming its response capabilities. Instead of juggling multiple systems, the MSSP’s team could monitor and assess threats through one integrated interface.
A modern threat intelligence (TI) platform generates meaningful, real-time alerts that provide actionable insights into the attack’s scope and relevant, contextualized IOCs, eliminating the need for manual updates and monitoring of siloed systems. By automating these tasks, the MSSP’s team could focus on effective threat mitigation.
AI has become essential to this workflow, efficiently prioritizing and categorizing alerts in a manner that significantly reduces analysis time. Interest is surging in generative AI (GenAI) capabilities for enhancing threat intelligence processes. Experts predict GenAI will be a vital asset for automating reporting capabilities at the pace needed to combat modern ransomware attacks going forward.
With AI/GenAI at its fingertips, the MSSP could scale operations more efficiently, significantly reduce analysis time, and better prioritize threats. Legacy, manual approaches to taming and correlating this data are insufficient for assessing hundreds or thousands of alerts every day – relevant signals can be easily overlooked.
With an advanced external threat intelligence platform, AI can be leveraged to efficiently characterize and classify threats based on severity levels (risk scoring). The ability to automatically assemble chaotic threat data into clearly defined categories helped the MSSP react faster and better focus its efforts and resources to meet the urgency of the ransomware attack.
Resolution And Resilience
By centralizing and streamlining its security operations with a unified system harnessing AI and GenAI, the MSSP was able not only to act faster but also to gain a comprehensive understanding of the attack. Consolidating the monitoring and analysis of multiple cyber threat-related data sources into one cohesive view allowed it to prioritize its response efforts and address the most critical issues first.
The reduction in manual effort and the improved clarity in threat detection significantly decreased the overall impact of the attack. The quick response resulted in no ransom being paid. The MSSP could focus its resources on recovery and resilience, rather than being bogged down by the complexities of managing multiple systems.
When it comes to ransomware attacks, organizations must be increasingly vigilant and so must the MSSPs that serve them. This case underscores the importance of having a unified, integrated approach to threat exposure management, whether you’re an end customer or service provider.
In the face of mounting ransomware threats, there are major benefits to be derived from a centralized CTI platform with unified DRP and external attack surface management (EASM) that leverages advanced AI/GenAI functionality for threat assessment and prioritization. These capabilities can help provide the clarity, efficiency and responsiveness needed to stay ahead of the curve and protect valuable assets effectively.
Your organization’s data is its lifeblood – everything depends on its integrity and accessibility. Your preparedness is essential to defending it from the catastrophic damage of a ransomware attack.
Are you prepared?
About the Author
Maya Kenner Fitoussi is a marketing professional with extensive experience in marketing and sales, specializing in product marketing in the security domain. Currently, she is a Senior Product Marketing Manager for Cognyte’s external threat solution, Luminar. Maya has collaborated with government organizations, enterprises and intelligence agencies, leveraging her expertise in digital forensics, cybersecurity and open source intelligence to help organizations strategize their go-to-market (GTM) approaches while addressing unique security challenges. Maya can be reached online at [email protected] and at our company website https://www.cognyte.com/