
Transforming Ransomware Strategies with Chimera

Internet-era ransomware emerged in 1989, but it wasn't until the Internet revolution accompanied by automated online payment systems that it gained traction.

Alteration of Ransomware Landscape by Chimera

In the digital age, the threat of cyber attacks looms large over businesses and institutions worldwide. This month, a new ransomware variant called Chimera has surfaced, adding to the growing list of malicious software that poses a significant risk to data security.

The first known ransomware was detected back in 1989, but it wasn't until the advent of the Internet revolution and automated online payment systems that organized cyber gangs began using ransomware on a large scale. This malicious software has caused billions of dollars in damages, with the third iteration of the CryptoWall variant alone causing an estimated $325 million in damages since January 2015.

Two high-profile breaches, those at Target and Home Depot, required substantial expenses for credit monitoring services, replacing millions of credit cards, and upgrading security infrastructure. The Target breach involved 40 million PCI records and 70 million customer PII records, costing Target $252 million. The Home Depot breach, on the other hand, involved 56 million PCI records and 53 million email addresses, costing the company roughly $33 million.

The Sony breach, while not involving the exposure of millions of credit card numbers, resulted in the public exposure of undisclosed information. The breach detection window for these companies could be measured in weeks and months, highlighting the need for more effective measures to detect and respond to cyber attacks.

Implementing User Behaviour Analytics can dramatically reduce the time between breach and discovery. Kieran Laffan, an engineer at Varonis, succinctly stated, "While you may not be able to stop the attacker from getting inside, it's possible through good governance and monitoring practices to limit what's available and notify IT when the attackers are viewing and copying sensitive data."

Detecting and arresting ransomware requires an inside-out security approach. IT security must look to block phishing emails, educate employees about the threat, restrict access to social media, monitor network connections to known Command and Control (C2) URLs/IP addresses, and watch for malicious processes.

However, the battle against ransomware is not just about technology. The real key lies in focusing on the files and emails that employees create and view every day. This unstructured data, which is the largest data set in most organizations, often the most valuable, and, unfortunately, the least controlled, is a goldmine for cyber criminals.

In light of the increasing frequency and severity of ransomware attacks, the Federal Financial Institutions Examination Council has issued a statement to warn financial institutions about the threat. As the digital world continues to evolve, it is crucial for businesses and institutions to stay vigilant and proactive in their approach to cyber security.
