Cisco’s policies were crucial in mitigating the impacts of the Yanluowang ransomware attack. Cisco was able to detect and evict the malicious actor from its environment, and whilst on this occasion only non-sensitive data was leaked onto the dark web, the next attack could potentially result in the leakage of sensitive data, which could be disastrous for business operations, employees and customers.
Moreover, we don’t want the disclaimer that only non-sensitive data was leaked to become the norm, or for organisations to become apathetic to the longer-term risks posed.
Once threat actors know that an organisation is susceptible to a breach, the risk of further attacks increases. Cyber criminals are inspired by one another’s crimes, and others may challenge themselves to breach an organisation’s network and this time steal personal information.
Even though additional security measures will have been put in place, security teams will still be under immense pressure and stress knowing that they could be hit again, and if breached, it could end in chaos. Therefore, organisations must start looking at new approaches to cybersecurity that stop cyberattacks before they have a chance to steal any data.
Endpoint Detection and Response (EDR) tools, which work on a reactive, mitigation-based approach, are increasingly being evaded by the latest malware and techniques used by threat actors. Whilst in this case they were able to stop the attack before disaster, most other examples show the opposite.
Organisations should be looking to implement a preventive mindset when dealing with ransomware attacks. We should not define success as threat actors leaking non-sensitive data and being allowed to get away with their crimes. It’s worth taking a new approach to cybersecurity where organisations stop ransomware attacks before they breach the network, and end the crimes of ransomware groups once and for all.