Recorded Future - The Third-Party Ransomware Attack You Never Saw Coming

It’s no secret that ransomware attacks are massively on the rise. Over the past 18 months, ransomware has emerged as the premiere way for threat actors to make money. Ransomware demands are doubling every six months, and for large enterprises, those demands are often for millions of dollars.

Organizations employ a variety of strategies to ensure that ransomware never hits their business. However, the increasing prevalence of ransomware can damage your business without threat actors targeting your infrastructure.

Ransomware Attacks On Your Third Parties Put Your Business At Risk

Ransomware attacks on third parties are not new, but their increasing frequency means that you need to treat it as an inevitability. But before you start your plan to mitigate third-party ransomware risk, it’s important to understand the three different ways a ransomware attack on third parties can affect your organization:

  1. Data breach — If you trust a third party with your sensitive data, you need to treat any third-party ransomware outbreak as a potential data breach, because it likely is. While ransomware is best known for system lockdowns and ransom notes, ransomware actors frequently exfiltrate data first in order to increase their leverage over victims.

    For example, Blackbaud, a cloud services provider, had a ransomware attack that resulted in dozens of their customers issuing breach disclosures to their customers. And that’s in spite of the fact that Blackbaud paid the ransom, with the hope that attackers destroyed the data in response.

  2. Business interruption — Ransomware is notorious for causing business disruption. What would you do if one of your key vendors went offline for a day, a week, or longer? Ransomware attacks cripple a company’s infrastructure, often dramatically disrupting their ability to conduct business. If your third party provides an essential product or service to your business, a ransomware attack can cause massive harm.
  3. The ransomware moves from your third parties to you — In the worst-case scenario, your third party isn’t the only one hit by ransomware – the threat actors use the third-party’s privileged access to jump over to your own organization. We saw this August 2019 when 22 towns in Texas were hit in a coordinated ransomware attack. The common weak point was a managed service provider. Similarly, over 400 dentist offices were hit through a software provider.

Third Parties Aren’t Always Forthcoming on Attack Details

Third-parties affected by cyberattacks aren’t often swift or detailed when it comes to breach disclosure. In the case of a devastating ransomware attack, incident response and cleanup come first — something that can take days or even weeks. But if your third party has been hit by ransomware, you don’t have time to wait for your third party to issue a statement. In addition, breach disclosures often lack key details such as what type of ransomware was used. You need better, faster information, so you can react at speed.

Ransomware Extortion Sites Provide an Opportunity for Action

Ransomware extortion sites are a relatively new method used by ransomware actors to extort their victims. Several ransomware groups use extortion websites to post the names of their victims in an attempt to shame them into paying. If the victims refuse to pay, the actors release the stolen data publically. In some cases they’ll even attempt to auction the data off to the highest bidder.

Monitoring ransomware extortion sites for mentions of your third parties is a crucial part of proactive third-party risk management. It gives you a massive boost in understanding and responding to a potential third-party ransomware attack quickly. While you should never trust information on the sites without proper verification, they are a strong, and more importantly, fast signal that something is wrong.

Stay Ahead of Third-Party Ransomware Attacks With Third-Party Intelligence

Real-time third-party intelligence from Recorded Future allows you to monitor ransomware extortion sites for mentions of your vendors, suppliers, partners, and contractors, allowing you to stay in front of third-party ransomware risk.

In the event that a third party is struck by ransomware, Recorded Future’s threat intelligence enables deeper analysis and better incident response, granting you deep knowledge of trending ransomware threats and threat actors, as well as threat hunting packages to ensure the ransomware isn’t in your environment.

If you’re interested in learning more about what you can do to mitigate third-party ransomware risk, tune in to our webinar “Managing Third-Party Risk in the Age of Ransomware.”

The post The Third-Party Ransomware Attack You Never Saw Coming appeared first on Recorded Future.



from Recorded Future https://www.recordedfuture.com/understanding-third-party-ransomware-risk/

Comments

Post a Comment

Popular posts from this blog

KnowBe4 - Scam Of The Week: "When Users Add Their Names to a Wall of Shame"

Image
Eric Howes , KnowBe4 Principal Lab Researcher, found out about another insidious bad guy trick: " If you work in IT there has undoubtedly come a dark moment when you wondered to yourself just who among your employee users would be gullible enough to click through a phishing email and potentially bring down your organization. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/when-users-add-their-names-to-a-wall-of-shame
Read more

Krebs - NY Charges First American Financial for Massive Data Leak

Image
In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. had exposed approximately 885 million records related to mortgage deals going back to 2003. On Wednesday, regulators in New York announced that First American was the target of their first ever cybersecurity enforcement action in connection with the incident, charges that could bring steep financial penalties. First American Financial Corp. Santa Ana, Calif.-based  First American [ NYSE:FAF ] is a leading provider of title insurance and settlement services to the real estate and mortgage industries. It employs some 18,000 people and brought in $6.2 billion in 2019 . As first reported here last year , First American’s website exposed 16 years worth of digitized mortgage title insurance records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images. The docum
Read more

SBS CyberSecurity - In The Wild 166

Image
  In The Wild - CyberSecurity Newsletter Welcome to the 166 th issue of In The Wild, SBS’ weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information to help you make better cybersecurity decisions. Follow SBS CyberSecurity on Social Media for more articles, stories, news, and resources!           Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the Internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy. CyberRiskNOW Virtual Conference SBS Educational Resources This virtual conference is designed to provide interactive training on evo
Read more