Updated On 15 March, 2023
Ransomware: New Gangs and Strains
Ransomware has been a major concern for security leaders at global enterprises for years – and it shows no sign of slowing down as it continues to evolve and becomes easier to perpetrate with the tools accessible on the dark web. Like any modern problem, preventing ransomware requires modern solutions.
As a global leader in Penetration Testing, BreachLock®’s Founder & CEO, Seemant Sehgal, shares his expert perspective in an interview with Cybercrime Magazine’s Steve Morgan on preventing ransomware attacks and explains how Red Teaming as a Service (RTaaS) is a key solution to the problem. Check out the video or read on for the transcript.
“Hi, I’m Steve Morgan, Founder of Cybersecurity Ventures and Editor in Chief at Cybercrime Magazine. I’m here today with Seemant Sehgal, Founder & CEO at BreachLock®, developers of a world-class, award-winning Pen Testing as a Service (PTaaS) platform. Seemant, welcome – great to have you back with us again.”
“Thank you – it’s great to be here, Steve.”
What is the Current State of Ransomware?
“We’ve talked about this before, we’re going to talk about it today, and I suspect, unfortunately, that we’ll still be talking about this a year from now – the topic is ransomware. It’s the fastest-growing type of cybercrime, we keep thinking it’s going to slow down, but it hasn’t, and it’s changed a lot. It’s no longer just holding data hostage in hopes of a ransom payment. Talk to us, Seemant, about extortion, ransomware as a service, any new gangs, strains, and whatever it is you’re seeing with ransomware.”
“Ransomware is a thing to deal with, and in terms of new strains, we have seen LockBit, and we’ve been hearing a lot about a new one called Royal, and it’s doing a royal job at what it does. We’ve heard a lot of complaints from our clients that are affected by it and are dealing with the crisis, and it has grown into a real menace.
With ransomware as a service, for example, for $40, you can go on the dark web and become an affiliate and launch a ransomware attack on a target with a very intuitive GUI – so you don’t need any programming experience for that. That’s really taken a toll on the industry because now people can impact businesses at scale. However, if you look at it from an expert perspective or an ethical hacker’s perspective, it’s actually a complete hack, right? With ransomware, there’s:
- An infection;
- Escalation of privileges;
- Lateral movement; and
- Exfiltration of data.
And to your point, Steve, what I see is that it’s a double extortion method now. What that means is that not only would they encrypt your data, but they would also take your data, right? Either way, they will hold you to the ransom, as they say, because if they can’t encrypt it, they will certainly tell you that they’re going to upload it to Pastebin or another public source, and then you have a reputational risk.”
How Can Red Teaming Prevent Ransomware Attacks?
“We have a lot of CISOs who tune in, including Fortune 500, Global 2000, and mid-market enterprises who have a fairly good understanding of penetration testing and why they should be doing it. You know, the idea around protecting themselves as far as vulnerabilities and exploits – but what about ransomware in particular? I mean, with ransomware, you don’t know what’s coming. You know what the next gang or strain looks like, so talk to us about penetration testing in the context of ransomware.”
“Absolutely, and Steve, the term pen testing or penetration testing is sometimes misused. Just to set the scope of this answer, pen testing is something that’s very system-focused. When you have an attack like ransomware, the ransomware is not up against the system – it’s up against an entire ecosystem.
When you test an ecosystem, in our industry, we call that a red teaming exercise, because now you’re testing:
- People;
- Processes; and
- Technology.
When combined, these three things make up an ecosystem that could end up under attack. To your point, it’s extremely important to prepare for an attack like ransomware proactively, and it’s not very different from the normal kill chain phases that you hear about. Like I said, there is going to be an entry point, whether it be phishing, a vulnerability, or lost access credentials. If somebody comes in, there’s going to be an infection – so your endpoint security is going to be put to the test.
When it comes to the awareness of employees and endpoint security, if somebody gains a foothold, they’re going to move on from there – that’s where your lateral movement and layered defense is coming in. Then, they exfiltrate the data, which means now your security monitoring controls, your perimeter security, and your DLP are all going to be put to the test. Red teaming is the answer to that question – you have to look at your organization as an ecosystem where you have people, processes, and technology, and then look at it from a hacker’s perspective. That’s what we do in red teaming exercises.”
“I appreciate the feedback and insights, and I know the CISOs do as well. Seemant, we’ll be putting out our next ransomware report next quarter and hope to have you come back on and talk some more.
I’m Steve Morgan, Founder of Cybersecurity Ventures and Editor in Chief at Cybercrime Magazine. Joining us today was Seemant Sehgal, Founder & CEO at BreachLock®, developers of a World Class, award-winning penetration testing service platform.”
Discover Red Teaming as a Service with BreachLock®
Red Teaming as a Service from BreachLock® gives you a full hacker’s perspective on the security posture of your entire ecosystem – including people, processes, and technology. Red teaming exercises are conducted by 100% in-house, certified security experts to maintain the industry’s highest quality standards. Schedule a discovery call with an expert to learn how Red Teaming as a Service from BreachLock® can serve as a key solution to preventing ransomware attacks in your enterprise digital environment.