test

Ransomware, a cyberattack in which hackers compromise a network or system and then threaten to damage or shut it down unless they are paid, have doubled in recent years. 

Municipalities, both big and small, are particularly susceptible to such attacks; local IT departments may have limited resources and attackers are continually evolving their methods. 

In 2022, high-profile ransomware attacks hit such diverse targets as NVIDIA; the Costa Rica government; Bernalillo County, New Mexico; the Maryland Department of Health; and Altoona Area School District, Pennsylvania, among many others.

One response has been signature-based threat detection, in which defenders find a unique identifier within a known threat and use it to recognize it in the future. Many anti-virus programs use that process, cataloging known malware. They may catch certain attacks, but some of the more dangerous malware is morphing more rapidly than they can catalog it.

“Malware developers have become very proficient at finding ways to evade traditional signature based anti-virus solutions,” said Joe Richard, cyber resiliency lead for Raytheon Intelligence & Space, a Raytheon Technologies business. “Keeping anti-virus software up to date is good cyber hygiene, but more comprehensive solutions are needed to keep critical information secure.”

A multi-layered, holistic strategy is more effective to defend against ransomware, rather than depending on a single tool.

For example, Raytheon Intelligence & Space has developed a technology called the REDPro ZTX platform, which uses a multi-layered, hardware- and software-based approach to protecting data and systems from malicious cyberattacks.

“You don’t want to put all your eggs in one basket when it comes to protecting your sensitive data,” said Torsten Staab, Raytheon Intelligence & Space REDPro ZTX chief engineer.

Ransomware uses encryption to lock up data on infected computers, then demands payment for its return. Many of these attacks get into systems through phishing emails that lure recipients into clicking a link or double-clicking an attachment disguised as a legitimate file.

“All it takes is one careless employee clicking on a ransomware-infested phishing email to start losing all your data in a matter of seconds,” Staab said.

Sometimes these attacks are highly targeted or in other cases, attackers cast their net wide to capture victims, Richard said.

“In some of these costly ransomware cases against a specific individual or organization, we’ve seen sophisticated social engineering and spearphishing tactics,” he said. “But sometimes, it’s simply through a mass e-mail laced with malware intended to prey off of people’s curiosity. And that’s dangerous because you can’t control what every single employee happens to click on.”

Prevention, not remediation, is the key, according to Staab. “You have to prepare and plan for this in advance,” he said.

It only takes seconds for ransomware to start encrypting gigabytes worth of data, Staab added. To fight it, REDPro combines RI&S’ cybersecurity technologies with industry-leading workload and data security technologies from select industry partners such as Virsec and Racktop Systems. These capabilities use advanced run-time and file system-focused behavioral analytics to detect and defeat ransomware attacks in real-time at multiple levels.