The Rules of Ransomware Attacks Are Changing. Here’s How to Ensure Your Security Approach Isn’t Left Behind.

XM Cyber

No three words send shivers down the spine of cybersecurity leaders more than “successful ransomware attack.” This is for good reason — few cyber-crimes possess the same power to utterly paralyze business operations and force victims into a situation where the optimal outcome is usually the “least terrible” one.
Here’s the bad news: According to the 2021 Verizon Data Breach Investigations Report, ransomware attacks are sharply increasing and now represent 10 percent of all cyber-attacks. That’s a 100 percent year-over-year increase. Ransomware is now the third-most frequent cause of data breaches.

One reason why ransomware attacks are rising has to do with an evolution in how such attacks are conceived and executed. Simply put, the old ransomware playbook for attackers is largely being retired in favor of new tactics that make the consequences of a successful attack even more dire.

Let’s take a closer look at how ransomware attacks are evolving — and how XM Cyber plays a critical role in ransomware cyber-defense.

How Ransomware Attacks Have Conventionally Occurred

To defend against ransomware attacks, organizations have used the conventional array of security tools plus ransomware-focused solutions such as data backups. However, this approach is no longer equal to the task — and truly never was.

Attackers have updated their tactics, which means that it is often “game over” for those who fail to adapt in turn. Such organizations are often left with no good solutions once an attack is executed.

Weak Resistance and Ripe Conditions for Attackers

Too often, attackers find little resistance in their way. According to our XM Cyber research data, it typically takes just two steps to get from breach point to critical asset, and 72 percent of critical assets have attack paths leading toward them.

At a time when pandemic-related issues have increased telecommuting dramatically, it has never been easier for an attacker to leverage a VPN and gain a foothold in a network, or send a spoofed link that looks virtually identical to what the recipient is accustomed to seeing. This means that the conditions are ripe for successful ransomware attacks, and that smart organizations should work from the principle of “assume breach”.

The Modern Ransomware Playbook

Today’s ransomware gangs are much more targeted in how they approach attacks. They will often spend time compiling intelligence about potential victims and their supply chains. They know who is vulnerable and who is likely to generate a payout if compromised.

Attackers are also fully aware of backup security solutions. Today’s ransomware attacks don’t stop at encrypting data; they often exfiltrate that data before it is encrypted, a tactic known as “double extortion”. Attackers spend more time in networks, seek to access more data, and as a result generate larger payouts. They don’t simply encrypt and announce their presence. If the victim does not pay the ransom, the exfiltrated data will be sold on the darknet, made public, or sold to a competitor. Even if you have backups, that is often a small consolation when the data can be sold to a competitor or circulated publicly.

How XM Cyber Helps Defend Against Modern Ransomware Attacks

Enterprises are often blind to the way attackers can move throughout their networks and how easily they can reach critical assets. XM Cyber helps enterprises understand how they can be attacked by illuminating all possible attack paths to their critical assets in on-premises, cloud and hybrid environments.

This helps prevent lateral movement toward the critical assets and predicts how an attacker will behave. Often, attackers will require months to complete data exfiltration. XM Cyber continuously reveals cyber exposures across networks, such as misconfigurations, unpatched vulnerabilities, and mismanaged identities, that allow attackers to propagate through the network. This ability to prevent machine-to-machine movement is critically important for preventing ransomware attacks.

XM Cyber allows you to:

  • See all possible attack paths to your critical assets in visualized attack graphs.
  • Know what high-risk issues to fix first for the best and most cost-effective impact on your security posture.
  • Leverage your team with a prioritized, actionable remediation plan.

Ransomware perpetrators are no longer simply aiming for encryption and a payday; they want to maximize their payout, i.e., reach your crown jewels. To defend effectively, organizations need tools that reveal all possible attack paths and disrupt the ability of attackers to move laterally and threaten crown jewel assets.

Shay Siksik is VP Customer Operations at XM Cyber