UPDATED 10:46 EST / MAY 07 2021

SECURITY

Cybercriminals turn to help desk support as FortiGuard Labs charts steep rise in ransomware

The onslaught of ransomware attacks has continued unabated, with a sevenfold increase in ransomware activity in the second half of 2020 over the first half of the year, according to the latest report from FortiGuard Labs.

Perhaps even more troubling is that cybercriminals have turned ransomware into a booming business, complete with help desk support for hapless victims.

“The newest ransom notes that we’re seeing in these targeted attacks are setting up channels to live chat support,” said Derek Manky (pictured), chief of security insights and global threat alliances at Fortinet Inc.’s FortiGuard Labs. “The victim would log in and actually talk directly live to the cybercriminal or one of their associates to be able to negotiate the ransom. They have a whole business strategy and plan in mind.”

Manky spoke with Lisa Martin, host of SiliconANGLE Media’s livestreaming video studio theCUBE. They discussed the lucrative state of ransomware attacks, what criminals are looking for, and ways that organizations can guard against a breach. (* Disclosure below.)

Highly profitable attacks

That ransomware attacks have reached a point where the criminals running them resemble sophisticated corporations should come as no surprise. Ransomware has become a big business.

“In one of the cases we worked on, they were making over $60 million in three months,” Manky noted. “They know there’s high stakes, so they are demanding high returns in terms of ransom.”

FortiGuard Labs’ report found that heavily targeted sectors included healthcare, professional and consumer services firms, public sector organizations, and financial services companies. In July, just under 2,300 devices were impacted by ransomware per day. By December, that number had skyrocketed to a daily infection rate of 17,200.

“The targeted attacks are more about execution,” Manky said. “They are doing more in terms of reconnaissance; they are spending more investment on weaponization, how they can actually get into the system, how they can remain undetected. They are going after intellectual property, things like source code and personally identifiable information.”

How can organizations avoid falling victim to these attacks? Multifactor authentication, patch management and use of network solutions for endpoint detection and response are always a good idea, according to Manky. But there is still the human element, when one person clicks on a malicious link.

“Start with the people,” Manky advised. “Humans are still often the weakest link in terms of education. You wouldn’t just invite a stranger into your house to open a package that you didn’t order, but people are doing this a lot of the time with email.”

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s CUBE Conversations. (* Disclosure: Fortinet Inc. sponsored this segment of theCUBE. Neither Fortinet nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU