Kevin Kirkwood, Deputy CISO of LogRhythm, discusses how to overcome extortion attempts.

LogRhythm has been one of the pioneers in the field of next-gen Security Information and Event Management (SIEM) solutions. Its systems have been designed to counter various cyber threats that include everything from ransomware attacks to phishing scams. However, when an attacker resorts to extortion tactics, protecting oneself can be challenging.

In an interview that aired on May 26th, 2023, Kevin Kirkwood, Deputy Chief Information Security Officer (CISO) at LogRhythm, explained how businesses can prevent such attacks and avoid falling victim to these tactics.

Extortion is an increasing trend in the cybercriminal world. Typically, attackers gain unauthorized access to sensitive data and demand a ransom in exchange for not making the information public or selling it on the dark web. In the case of DoppelPaymer ransomware, for example, the hackers behind the notorious ransomware threatened to publish data they had stolen during their attack unless the victim gave in to their ransom demands.

Kirkwood elaborated on the strategies that an organization can use to prevent and thwart extortion attempts. He said that the first step is to secure the company’s critical data and keep it well-protected. Organizations must also perform regular risk assessments to identify their vulnerabilities so they can take action before an attack occurs.

Kirkwood also advised that companies should have robust IT policies in place to educate employees on how to safeguard data and manage access controls. Staff should be able to identify and report suspicious activities, such as inbound emails or texts that ask for sensitive information or unauthorized access to company resources.

Kirkwood further emphasized the importance of having a strategy in place to respond to an extortion attack. Developing a comprehensive incident response plan is critical in any security strategy, but it’s especially vital for ransomware attacks. An incident response plan includes instructions on how to isolate affected machines, remove malware, and restore services quickly, thereby minimizing damage.

When asked about the role of law enforcement in combating extortion attacks, Kirkwood said that companies should work with law enforcement agencies both locally and internationally. He said that the authorities can help organizations by lending their resources, knowledge, and expertise.

However, Kirkwood also advised caution and urged companies to be wary of any communication that comes from attackers claiming to be law enforcement or an arbitration service. Such messages may be fake and, instead, part of a larger extortion scheme.

Another significant trend that Kirkwood highlighted is an increasing number of attacks directed at the distribution of cryptocurrency wallets used by companies. Criminals are taking advantage of the decentralized nature of cryptocurrencies and the ability to transfer funds from stealth wallets to anonymous accounts.

Despite the difficulty in tracing cryptocurrency transactions, Kirkwood believes that law enforcement agencies are getting better at identifying the criminals behind such attacks. He also expressed hope as more organizations work together to share data about suspect wallet addresses and identify patterns that can help prevent further attacks.

Kirkwood concluded the interview by stating that cybercriminals will continue to adapt to new technologies and trends in the digital landscape. However, the best defense remains to have strong security measures in place to deter attackers and minimize damage if and when attacks do occur. Companies must continue to enhance their security strategies and seek out the latest cybersecurity solutions to stay ahead of the game.

In conclusion, it is vital to be proactive in protecting your data from cybercrime. Through regular risk assessments, robust IT policies, incident response plans, and collaboration with law enforcement agencies, organizations can better defend themselves and safeguard their systems. Furthermore, continuous monitoring and upgrading of security solutions and software are becoming increasingly critical to stay one step ahead of threat actors targeting the digital landscape.
