2020 was a brutal year for ransomware. Cybercriminals operated without any human decency, targeting the most vulnerable and at-risk parties, such as hospitals, scientists, and global manufacturers. The approach has become more sophisticated and life-threatening, shifting from individual targets to global enterprises, destroying backups, blackmailing victims with public leakage of exfiltrated data, and paralyzing critical systems and infrastructure.
A New Year’s Ransomware Resolution
1. January 2021
Guidance for a safer 2021
Presented By: David White, Axio & Garin Pace, AIG
2. Agenda
Talking Points
▪ Ransomware trends
▪ Privileged visibility by cyber insurers
▪ Evolved ransomware attack pattern
▪ Top 3 things you should do right now
▪ Ransomware preparedness assessment in Axio360
4. Ransomware continues its rise as a top cyber threat impacting companies worldwide.
▪ 139%: Year over year increase in US ransomware attacks, Q3 2020 [1]
▪ 50%: Ransomware cases that include data exfiltration [2]
▪ $50M to $70M: Cognizant’s estimated cost of their 2020 ransomware attack [3]
▪ 360%: Year over year increase in average ransom payment, $233,817 in Q3 2020 [2]
[1] https://securityboulevard.com/2020/11/40-increase-in-ransomware-attacks-in-q3-2020/
[2] https://www.coveware.com/blog/q3-2020-ransomware-marketplace-report
[3] https://www.crn.com/news/security/big-game-hunting-why-tyler-technologies-cognizant-conduent-and-dxc-technology-were-hit-with-ransomware
5. Cyber insurers have privileged visibility
Why insurance matters to cybersecurity leaders
▪ In the last century, the insurance industry drove safety and engineering standards to ‘solve’ the risk of boiler explosions
▪ A few years ago, the insurance industry began providing financial incentives to address point-of-sale intrusions
▪ Today, insurers are working to understand and proactively address ransomware
6. Ransomware claims show increasing frequency and severity
• Cyber insurance market reflects the overall threat landscape; ransomware frequency continues to rise
• Ransomware has evolved and now poses material risk to the enterprise; impacts are dramatically increasing
[Chart: Global Ransomware Claim Count, 2017 through the first six months of 2020, North America and International. Callout: first half of 2020 is 75% of the 2019 total.]
[Chart: Top 20 Cyber Insurance Claims by Type – North America, 2017 to 2019. Categories: Ransomware, Data Breach, Privacy Event, System Failure, Other Malware, All Other.]
AIG data as of Q2, 2020
7. Ransomware is democratic and expensive
• No industry sector or geography is immune; attackers are opportunistic.
• Initial ransom demands now approach ~$40M, with the average drifting up dramatically in 2020 to >$8M.
Ransomware Financial Impacts
▪ First Ransom Demand – 2016 – 2020: Min $<1K, Max $40M, Median $1M, Average $5M
▪ Incident Response Fee Range – Survey of Major Providers: Minor $5K, Complex $400K, Average $90K
▪ Business Interruption Length – 2016 – 2020: Low <1hr (0 days), Max 2,160hrs (90 days), Median 168hrs (7 days), Average 240hrs (10 days)
▪ Breach Counsel Fee Range – Survey of Major Providers: Minor $1K, Complex $1M, Average $40K
[Chart: Global Ransomware Claims by Industry, share of claims (0% to 100%), 2017 to 2019. Categories: Healthcare, Business Services, Education, Government, Retail / Wholesale, Financial Services, Manufacturing, All Other.]
AIG data as of Q2, 2020
8. Big Game Hunting
The new ransomware pattern
▪ Initial Compromise: Phishing, Network Edge Vulnerability, Remote Desktop Protocol, Other
https://www.coveware.com/blog/q3-2020-ransomware-marketplace-report
9. Big Game Hunting
The new ransomware pattern
▪ Initial Compromise: Phishing, Network Edge Vulnerability, Remote Desktop Protocol, Other
▪ Privilege Escalation to Domain Admin: Active Directory
10. Big Game Hunting
The new ransomware pattern
▪ Initial Compromise: Phishing, Network Edge Vulnerability, Remote Desktop Protocol, Other
▪ Privilege Escalation to Domain Admin: Active Directory
▪ Exfiltrate Data
▪ Destroy Backups
▪ Deploy Ransomware Payload
▪ Demand Ransom Payment
11. Top three actions you should take
Learning from hundreds of ransomware claims
▪ Increase protections to privileged credentials, for example:
  ▪ Use MFA on domain admin accounts
  ▪ Scrutinize domain admin privileges
  ▪ Eliminate domain admin service accounts
▪ Modernize endpoint protections
▪ Measurably improve vulnerability management
12. Axio Ransomware Preparedness Assessment
PREVENT: Protect Against Initial Compromise
▪ Implement Secure Network and Device Configurations
▪ Reduce Network and Supply Chain Vulnerabilities
▪ Monitor for and Stop Attacks
▪ Defend Against Email- and Web-Based Threats
CONTAIN: Limit the Spread of Ransomware
▪ Manage Privileged Accounts
▪ Limit Use of Privileged Access
RESTORE: Respond to and Recover from Ransomware
▪ Implement, Test, and Protect Backups
▪ Plan for Ransomware Response
14. Check your ransomware preparedness today
▪ Sign up for the free tool at axio.com
▪ Conduct a free ransomware preparedness assessment
▪ Use your results to shore up your protections
▪ Ransomware preparedness assessment is also available to all Axio subscribers