Key Learnings from “Big Game” Ransomware Campaigns

October 26, 2023 at 12:21PM

A recent report on crypto crime found that ransomware attacks are increasing in prevalence, targeting major industries such as casinos, manufacturing, retail, and technology. Organizations must take specific steps to address these attacks, including understanding the threat, identifying internal signs of attack, and strengthening infrastructure. Utilizing threat intelligence and effective communication can help mitigate risk and respond to incidents successfully.

The key takeaways from the report:

1. Ransomware attacks, particularly those classified as “big game” hunting, are on the rise and affecting major casino operations as well as companies in manufacturing, retail, and technology sectors.

2. Organizations should take specific steps to address ransomware attacks, including understanding the threat, identifying the presence of the threat internally, and hardening the infrastructure.

3. Understanding the threat involves gathering data about the ransomware campaign, such as the adversary behind it, their motivations, and the industries they target. This data can be obtained from various sources, including external data sources (commercial, open source, government, industry, security vendors), as well as internal data about vulnerabilities and defense capabilities.

4. Identifying the internal presence of the threat requires correlating external data with threat and event data from security systems like SIEM or EDR. This helps to detect anomalous activity and take timely action.

5. Hardening the infrastructure is important to protect against ransomware attacks. Organizations need to be aware that threat actors continually shift tactics and use multiple attack vectors. Threat intelligence can help improve incident response and mitigate risk by providing contextual awareness and understanding.

6. Effective communication with key stakeholders is crucial. Organizations should be transparent about what happened during a ransomware attack, how it was addressed, and the measures taken to prevent similar attacks in the future. This helps to build confidence in the organization’s security measures.

7. Leveraging relevant and actionable data is key to mitigating risk. Organizations should focus on a smaller subset of data that is relevant to their operations and dig deeper into that data as soon as an attack is suspected.
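A minimal sketch of takeaways 3, 4 and 7 together, added here as an illustration and not taken from the report: external indicators are narrowed to those tagged for the organization's own sector, then matched against SIEM/EDR events so that hosts with corroborating hits surface first. The record fields, sector tags, campaign names and every indicator value are constructed assumptions.

```python
from collections import defaultdict

# Constructed threat-intel records (not real indicators); field names are assumptions.
INTEL = [
    {"type": "domain", "value": "pay.example.net", "campaign": "campaign-A", "sectors": {"casino", "retail"}},
    {"type": "ip", "value": "198.51.100.23", "campaign": "campaign-A", "sectors": {"casino"}},
    {"type": "sha256", "value": "ab" * 32, "campaign": "campaign-B", "sectors": {"healthcare"}},
]
# Constructed SIEM/EDR events.
EVENTS = [
    {"ts": "2023-10-20T02:11:09Z", "host": "pos-07", "domain": "CDN.pay.example.net."},
    {"ts": "2023-10-20T02:11:40Z", "host": "pos-07", "dst_ip": "198.51.100.23"},
    {"ts": "2023-10-20T03:00:00Z", "host": "hr-02", "sha256": "AB" * 32},
    {"ts": "2023-10-20T03:05:00Z", "host": "hr-02", "domain": "notpay.example.net"},
]

def relevant_indicators(intel, sector):
    # Takeaway 7: keep only the subset of intel relevant to our own operations.
    return [i for i in intel if sector in i["sectors"]]

def _norm_domain(d):
    return d.strip().rstrip(".").lower()

def _matches(event, ind):
    # Domains match exactly or as a subdomain on a label boundary, never as a bare suffix.
    if ind["type"] == "domain" and "domain" in event:
        d, v = _norm_domain(event["domain"]), _norm_domain(ind["value"])
        return d == v or d.endswith("." + v)
    if ind["type"] == "ip":
        return event.get("dst_ip") == ind["value"]
    if ind["type"] == "sha256":
        return event.get("sha256", "").lower() == ind["value"].lower()
    return False

def correlate(events, indicators):
    # Takeaway 4: join external indicators with internal events, grouped by host.
    hits = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        for ind in indicators:
            if _matches(ev, ind):
                hits[ev["host"]].append((ev["ts"], ind["campaign"], ind["type"], ind["value"]))
    return dict(hits)

def triage(events, intel, sector):
    # Hosts hit by more distinct indicator types are listed first for investigation.
    hits = correlate(events, relevant_indicators(intel, sector))
    order = sorted(hits, key=lambda h: (-len({t for _, _, t, _ in hits[h]}), h))
    return order, hits

if __name__ == "__main__": print(triage(EVENTS, INTEL, "casino"))
```

Each hit carries the campaign label with it, so the analyst sees which adversary activity the event relates to rather than a bare indicator match.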

Overall, it is important for organizations to have a comprehensive understanding of ransomware threats, detect their presence, secure their infrastructure, and communicate effectively to manage and mitigate risks.
