When it comes to ransomware attacks, newly released information from FortiGuard Labs shows that the malware’s quality is higher than ever before.

The latest semiannual “FortiGuard Labs Global Threat Landscape” report, released in August, showed that attacks on internet of things and operational-technology devices were “evolving to become more targeted and more sophisticated.”

This was not good news for firms like fitness tracking manufacturer Garmin Inc., which reportedly paid $10 million last month in a recently disclosed ransomware attack.

“We’ve seen things like Master Boot Record, or MBR, ransomware,” said Derek Manky (pictured, left), chief of security insights and global threat alliances at FortiGuard Labs. “This is persistent; it sits before your operating system when you boot up your computer, so it’s hard to get rid of it. It’s prolific, and we’re seeing not only ransomware attacks for data, we’re starting to see ransom for extortion, for targeted ransom cases that are going after critical business.”

Manky spoke with John Furrier, host of theCUBE, SiliconANGLE Media’s livestreaming studio. He was joined by Aamir Lakhani (pictured, right), lead researcher at FortiGuard Labs, and they discussed a shift in tactics among cybercriminals from ransom to extortion, how FortiGuard gains visibility into ransomware attacks, and the value of automation to combat network intrusion. (* Disclosure below.)

Negotiating tactics

It its latest report, FortiGuard noted that the most heavily targeted sectors for ransomware attackers were telecommunications, managed security service providers, government, education and technology. FortiGuard researchers found an increase in ransomware incidents where attackers stole a victim’s data and threatened wholesale release as a form of extortion.

This has evolved into negotiating tactics between victims and criminal actors, as even backup systems are under attack.

“Hackers are getting smart; they’re trying to go after the backups as well,” Lakhani said. “A lot of corporations these days are not only paying the ransom, they’re also actually negotiating with the criminals as well. You want $10 million? How about $4 million?”

Lakhani and Manky used a video to demonstrate the steps that often occur during a ransomware attack and how FortiGuard employed a combination of open-source, commercial and customized tools to visualize where the malware may reside inside a network and the key points of external communication.

“We want to see the relationship between this one ransomware and anything else there may be in a system,” Lakhani explained. “That helps identify perhaps where the ransomware is connecting to, where it’s going, and other processes it may be doing. We can block external websites if we can identify a command and control system.”

The constant flow of traffic and threats for any global network generate a significant amount of security log data. However, a worldwide shortage of trained network security professionals has led many customers of FortiGuard to embrace automated solutions, enabling “last-mile” optimization of cybersecurity protection.

“That’s where AI and machine learning come in to solve that last-mile problem,” Manky explained. “You have to be quicker than the attacker; it’s an arms race. You need intelligence products to protect against intelligent attacks.”

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s CUBE Conversations. (* Disclosure: Fortinet Inc. sponsored this segment of theCUBE. Neither Fortinet nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE