Google outlined the emerging ransomware threat and “best practices” to combat it.
The post, authored by Phil Venables, VP and Chief Information Security Officer, Google Cloud, and Sunil Potti, VP/GM, Google Cloud Security, highlights the persistence of ransomware and the evolving threat.
Much of the discussion centers around Google products, and the authors are quick to point out the benefits of Google Cloud and other Google software and services, but more generally the recommendations apply to any organization looking to fend off ransomware attacks.
Ransomware, in its basic form, encrypts an organization’s files, effectively locking down an organization’s most valuable data. A ransom is then demanded to unlock the files.
Putting ransomware in perspective: it’s nothing new
“Ransomware … is not a new threat in the world of computer security,” say the authors. According to Google, “financially motivated and destructive” attackers who demand payment to decrypt data and restore access have been around for years.
“Today’s reality shows us that these attacks have become more widespread, affecting essential services like healthcare or the pumping of gasoline,” Google said.
Email is not your friend
Google reiterates and reaffirms what any self-respecting cybersecurity expert will tell you.
“Email is at the heart of many ransomware attacks. It can be exploited to phish credentials for illegitimate network access and/or to directly distribute ransomware binaries,” the authors state.
Chromebook as a defense
The authors make good points about the security of Chromebooks. And I can attest to that. I own and use Chromebooks and agree that Chrome OS is more secure than Windows or Mac (which I also use).
“Chromebooks are designed to protect against phishing and ransomware attacks with a small on-device footprint, read-only, constantly invisibly updating operating system, sandboxing, verified boot, safe browsing and Titan-C security chips,” the authors write.
“Deploying ChromeOS devices to users who primarily work in a browser can reduce an organization’s attack surface, for example by relying too much on older Windows devices, which have been shown to be often vulnerable to attacks,” according to the authors.
Evolution of the threat
Ransomware groups are constantly evolving their tactics, with the newer approaches sometimes referred to as “double extortion” and “triple extortion”.
These additional threats include the theft of data before encryption (and the threat of exposing that data) and Distributed Denial of Service (DDoS) attacks.
“Some ransomware operators have used the threat of distributed denial of service (DDoS) attacks against victim organizations to try to coerce them further into paying ransoms,” the authors said.
In fact, these new tactics are now more the rule than the exception, as they give criminal gangs more leverage, and the more leverage the better when it comes to extorting millions of dollars from an organization.
The authors specify what organizations need, namely:
- Pillar #1 – Identify: Develop an understanding of the cybersecurity risks you need to manage
- Pillar #2 – Protect: Create backups to ensure the delivery of critical business processes and services
- Pillar #3 – Detect: Define ongoing ways to monitor your organization and identify potential cybersecurity events or incidents
- Pillar #4 – Respond: Activate an incident response program within your organization
- Pillar #5 – Recover: Build a Cyber Resilience Program and Backup Strategy
Google is not immune to news linking it to ransomware attacks
While not included in Google’s post (for obvious reasons), Google products also feature in ransomware news.
Ryuk ransomware has been behind campaigns to send phishing emails with links to Google Drive documents, as the Cybersecurity and Infrastructure Security Agency (CISA) explained in a notice in October of last year.
Around this time, CISA, the FBI, and the Department of Health and Human Services said malicious cyber actors were targeting the health and public health sector with TrickBot and BazarLoader malware, often leading to ransomware attacks, data theft and disruption of healthcare services.
“The email received by a victim will contain a link to an actor-controlled Google Drive document or other free online file hosting solutions, typically claiming to be a PDF file,” the CISA notice said.
Through phishing emails linking users to Google Docs, bad actors used the bogus files to install malware.