Sodinokibi – Communication strategies for dealing with Ransomware

Ransomware is back in the news, although you have likely never lost sight of the threat it poses to your business. As part of your larger protection strategy, your teams have implemented awareness training, enabled strong spam filters, locked down privileged accounts, configured access controls and taken many additional tactical measures to mitigate the impact of an outbreak.

As observed last week in Texas, over 20 cities were hit by a new strain of malware believed to be from the ransomware family named Sodinokibi. There are a few things of note regarding the creators of this family of ransomware. They were the first to demand payment in DASH cryptocurrency and to utilize the “.bit” top-level domain (TLD). This TLD is not sanctioned by ICANN, and it therefore provides an extra level of secrecy to the attackers. The family of ransomware utilizes a wide range of spreading vectors, including spam emails, exploit kits, vulnerable servers, managed service providers (MSPs) and, most recently, malvertising. The group behind this family of ransomware moves quickly in updating its attack vectors and, unlike other cybercriminal campaigns, appears to focus its efforts.

As a CISO juggling multiple priorities, all of which are critical to the business, you must constantly decide between competing demands for resources and executive-level attention. These decisions must be based on careful alignment of the security organization with the strategic priorities of the business. And those priorities don’t get to change every time attackers update their avenues of attack.

In particular, focused attacks of this nature, which appear to be gaining traction, mean that CISOs do well to invest significant time in networking with other CISOs and internal executives to understand both their internal business needs and the external threat landscape, which in turn fosters better balancing of their cybersecurity priorities. Transparent communication is a key component of the success of this strategy. CISOs need to provide internal executives with an unbiased view of the threat landscape and the risks involved, without being overly sensational. Yes, last week’s attack was significant, but when you objectively measure your resiliency against the attack vectors that were employed, how much risk is the business actually exposed to? For example, if you have not opened up communication channels with an Information Sharing and Analysis Center (ISAC) within your organization’s vertical, you may not receive actionable intelligence in a timely manner during a coordinated event such as the one in Texas or Florida. ISACs provide a transparent communication network for the collection, analysis and dissemination of actionable threat information to their members. Most ISACs have 24/7 threat warning and incident reporting capabilities, and hold regional and national conferences where you can engage directly with other CISOs within your industry’s vertical.

Another key to the success of a transparent communication strategy is objective measurement. CISOs should measure the organization’s security posture using objective risk management and operational metrics, and regularly share this information with senior executives. This will demonstrate the business value provided by the cybersecurity team, countering the common assumption that it is simply a cost center.

Finally, I will leave you with the following: since the techniques that Sodinokibi relied on, such as sending spam or phishing emails, are not exactly new or novel, and the group behind it continues to add more delivery methods to its arsenal, it is important for organizations to implement security best practices with a stronger focus on security operations, cyber-risk and cyber intelligence, as well as a data-centric approach to protecting the business that can close visibility gaps.

Gabe Gumbs, CIO

Gabe Gumbs is the Chief Innovation Officer at Spirion, where his focus is on the strategy and technology propelling Spirion’s rapidly growing security platform. A cybersecurity industry veteran with a 19-year tenure in cybersecurity, he has spent much of that time as a security practitioner, aligning security innovations with business objectives for Fortune 100 organizations. Gabe is an information security thought leader, privacy advocate and public speaker.
