Seqrite's Quarterly Threat Report Shows 2x Surge in Ransomware Attacks in Q2, 2020

CEOInsights Team

The latest quarterly threat report by Seqrite has detected a 2x surge in ransomware attacks during the April-May-June quarter, standing at four lakhs, in comparison with the first quarter of 2020. While Maze continued to be a top threat for enterprises, other notable ransomware attacks detected in the quarter include Ryuk, Mailto aka Netwalker, HorseDeal & Gigabyte, RagnarLocker, PonyFinal and Tycoon.

Prominent researchers at Seqrite have observed a visible shift in the behavior of threat actors, with ransomware families using a two-pronged approach to target enterprises. Besides Maze, multiple ransomware families are now capable of stealing sensitive data in addition to holding the victim’s network for ransom. This makes modern ransomware attacks even more dangerous, with threat actors threatening to leak the stolen data if they are not paid. Organizations in sectors like BFSI, Manufacturing, IT/ITES and Government are likely to be the primary targets due to the sheer amount of sensitive data they store.

Seqrite’s industry-leading GoDeep.AI platform played a pivotal role in mitigating these threats. The platform leverages a combination of signature-less and signature-based detections, which are backed by patented technologies, to proactively detect and block known and unknown ransomware attacks. The patented technologies include Seqrite’s flagship Anti-Ransomware technology, which leverages advanced algorithms to conduct focused activity-based detection while also empowering enterprises to recover critical data in case of a breach.

“Ransomware attacks have always been a concern for enterprises. But what makes them more dangerous is their innovative and evolving nature. While previously, threat actors used to block sensitive data and ask for a ransom in return, now they have evolved and become much smarter than ever. Apart from demanding ransom from the victim, these evolved threat actors steal the encrypted data and sell it in the open market to make dual income sources. Through this report, we aim to spread maximum awareness around the innovative and rapidly evolving nature of ransomware and help businesses combat this situation,” stated Sanjay Katkar, Joint Managing Director & CTO, Quick Heal Technologies.

Maze continues to be a top-most threat to consumers and enterprises
Maze has been the top ransomware threat to enterprises for the past one year. It is known for its approach of publicly publishing the sensitive data of its victims, and it uses different techniques to gain entry. For instance, it leverages exploit kits or email impersonation, sending emails with an attached Word document containing macros that activate the malware on the system.

The combined tactics of collecting sensitive data from the victim system and disrupting enterprise networks make Maze a notable threat to many organizations. Casualties of this ransomware include large corporates and PSUs, which recently came under attack by Maze during the ongoing pandemic, with employees logged out of their systems through forced encryption of data.

Preventive measures to tackle modern Ransomware threats:
During the Covid-19 pandemic, when businesses are already suffering losses, they can’t afford to lose their focus on cybersecurity. At this critical juncture, researchers at Seqrite believe that enterprises need to follow the prescribed cybersecurity best practices to avoid falling victim to ransomware attacks. A few of the measures include: apply regular security patches and updates, use encryption and multi-factor authentication wherever possible, disable RDP and SMB ports when not in use, avoid falling prey to phishing scams by not opening suspicious emails, and use secure networks when working remotely.

Additionally, every company – no matter how big or small – should define a strong cybersecurity policy and adopt a multi-layered approach covering endpoints, network, data and mobility. While evaluating security solutions, businesses should look for vendors that offer a combination of traditional signature-based as well as signature-less detections to tackle known and unknown or previously unseen malware.