· At 4 lakhs, ransomware attacks on enterprises have doubled during April-May-June quarter in comparison with Q1 2020
· Ransomware Alert: Attackers are now stealing data in addition to holding it for a ransom
· Spike in ransomware attacks can be attributed to the absence of robust cybersecurity measures in the wake of remote working culture
: 2020 will go down in history for all the wrong reasons partly because of the mayhem created by attackers using Covid-19 as a theme to target individuals and businesses of all sizes. In its latest quarterly threat report, Seqrite has detected a 2X surge in ransomware attacks during the April-May-June quarter, standing at 4 lakhs, in comparison with the first quarter of 2020. While Maze continued to be a top threat for enterprises, other notable ransomware attacks detected in the quarter include Ryuk, Mailto aka Netwalker, HorseDeal & Gigabyte, RagnarLocker, PonyFinal and Tycoon.
Researchers at Seqrite have observed a visible shift in the behavior of threat actors with ransomware families using a two-pronged approach to target enterprises. In addition to Maze, multiple ransomware families are now capable of stealing sensitive data in addition to holding the victim’s network for a ransom. This makes modern ransomware attacks even more dangerous with threat actors threatening to leak the stolen data if they are not paid. Organisations in sectors like BFSI, Manufacturing, IT/ITES and Government are likely to be the primary target due to the sheer amount of sensitive data they store.
Seqrite’s industry-leading GoDeep.AI platform played a pivotal role in mitigating these threats. The platform leverages a combination of Signature-less and Signature-based detections, which are backed by patented technologies to proactively detect and block known and unknown ransomware attacks. The patented technologies includes Seqrite’s flagship Anti-Ransomware technology that leverages advanced algorithms to conduct focused activity-based detection while also empowering enterprises to recover critical data in case of a breach.
Speaking on the latest quarterly threat report, Sanjay Katkar, Joint Managing Director and CTO – Quick Heal Technologies, said, “Ransomware attacks have always been a concern for enterprises. But what makes them more dangerous is their innovative and evolving nature. While previously, threat actors used to block sensitive data and ask for a ransom in return, now they have evolved and become much smarter than ever. Apart from demanding ransom from the victim, these evolved threat actors steal the encrypted data and sell it in the open market to make dual income sources. Through this report, we aim to spread maximum awareness around the innovative and rapidly evolving nature of ransomware and help businesses combat this situation.”
Maze continues to be a top-most threat to consumers and enterprises
From the house of ransomware, Maze continues to be the top ransomware threat to enterprises for the past one year. It is popular for its new approach of attack where it publishes sensitive data of infected customers publicly using different techniques to barge in. For instance, it leverages exploit kits or email impersonation by sending emails with an attached Word document containing macros to activate malware in the system.
The combined tactics of damaging the victim system by collecting sensitive data and disrupting enterprise networks make Maze a notable threat to many organizations. Casualties of this ransomware include large corporates and PSUs, which recently came under the attack of Maze during the on-going pandemic, logging employees out of their systems through forced encryption of data.
Preventive measures to tackle modern Ransomware threats:-
In times of the Covid-19 Pandemic, when businesses are already suffering from losses, they can’t afford to lose their focus on cybersecurity. At this critical juncture, researchers at Seqrite believe that enterprises need to follow the prescribed cybersecurity best practices to avoid falling victim to ransomware attacks. A few of the measures include: apply regular security patches and updates, use encryption & multi factor authentication wherever possible, disable RDP and SMB ports when not in use, avoid being prey to phishing scams by not opening suspicious emails, and use secure networks when working remotely.
Additionally, every company – no matter how big or small – should define a strong cybersecurity policy and adopt a multi-layered approach covering endpoints, network, data and mobility. While evaluating security solutions, businesses should look for vendors that offer a combination of traditional signature-based as well as signature-less detections to tackle known and unknown or previously unseen malware.
About Seqrite:
Seqrite is the cybersecurity security products & solutions brand of Quick Heal Technologies that helps secure the digital transformation journey of enterprises and SMB firms. Launched in 2015, Seqrite solutions are defined by innovation and simplicity. A combination of intelligence, analysis of applications and state-of-the-art technology, Seqrite is designed to provide continuous and better protection for enterprise corporate customers.
Seqrite portfolio of solutions includes Endpoint Security, Enterprise Mobility Management (EMM), Unified Threat Management (UTM), Secure Web Gateway (SWG) and data protection technologies like Encryption and Data Loss Prevention (DLP). Besides, Seqrite Services provides comprehensive cybersecurity consulting services to Corporates, PSUs, Government and Law Enforcement Agencies. For more information, please visit: www.seqrite.com.
About Quick Heal Technologies Limited: Quick Heal Technologies Limited is one of the leading providers of IT Security and Data Protection Solutions with a strong footprint in India and an evolving global presence. Incorporated in the year 1995, with a registered office in Pune, it is an all-round player in cybersecurity with presence in B2B, B2G and B2C segments across multiple product categories – endpoints, network, data and mobility.
With its state-of-the-art R&D centre and deep intelligence on the threat landscape, Quick Heal helps in simplifying security by delivering the best in class protection against advanced cyber-attacks. Its portfolio includes solutions under the widely recognized brand names ‘Quick Heal’ and ‘Seqrite’ across various operating systems and devices.
Anker products for everyday use
