Sodinokibi – Communication strategies for dealing with Ransomware
Ransomware is back in the news, although you have likely never lost sight of the threat it poses of interrupting your business. As part of your larger protection strategy, your teams have implemented awareness training, enabled strong spam filters, locked down privileged accounts, configured access controls and taken many additional tactical measures to mitigate the impact of an outbreak.
As observed last week in Texas, over 20 cities were hit by a new strain of malware believed to be from the ransomware family named Sodinokibi. There are a few things of note regarding the creators of this family of ransomware. They were the first to demand payment in DASH cryptocurrency, and they utilize the “.bit” top-level domain (TLD). This TLD is not sanctioned by ICANN and therefore provides an extra level of secrecy to the attackers. The family of ransomware utilizes a wide range of spreading vectors, including spam emails, exploit kits, vulnerable servers, managed service providers (MSPs) and, most recently, malvertising. The group behind this family of ransomware moves quickly in updating its attack vectors and, unlike other cybercriminal campaigns, appears to focus its efforts.
As a CISO, juggling multiple priorities—all of which are critical to the business—you must constantly decide between competing demands for resources and executive-level attention. These decisions must be based on careful alignment of the security organization with the strategic priorities of the business. And those priorities don’t get to change every time attackers update their avenues of attack.
In particular, the fact that focused attacks of this nature appear to be gaining traction means that CISOs do well to invest significant time in networking with other CISOs and internal executives to understand both their internal business needs and the external threat landscape, which in turn fosters better balancing of their cybersecurity priorities. Transparent communication is a key component of the success of this strategy. CISOs need to provide internal executives with an unbiased view of the threat landscape, along with the risks involved, without being overly sensational. Yes, last week’s attack was significant, but when you objectively measure your resiliency against the attack vectors that were employed, how much risk is the business actually exposed to? For example, if you have not opened up communication channels with an Information Sharing and Analysis Center (ISAC) within your organization’s vertical, you may not receive actionable intelligence in a timely manner during a coordinated event such as the one in Texas or Florida. ISACs provide a transparent communication network for the collection, analysis and dissemination of actionable threat information to their members. Most ISACs have 24/7 threat warning and incident reporting capabilities, and hold regional and national conferences where you can engage directly with other CISOs within your industry’s vertical.
Another key to the success of a transparent communication strategy is objective measurement. CISOs should measure the organization’s security posture using objective risk management and operational metrics, and regularly share this information with senior executives. This will demonstrate the business value provided by the cybersecurity team, countering the common assumption that it is simply a cost center.
Finally, I will leave you with the following: since the techniques that Sodinokibi relied on, such as sending spam or phishing emails, are not exactly new or novel, and the group behind it continues to add more delivery methods to its arsenal, it is important for organizations to implement security best practices with a stronger focus on security operations, cyber risk and cyber intelligence, as well as a data-centric approach to protecting the business that can close visibility gaps.
Gabe Gumbs, CIO
Gabe Gumbs is the Chief Innovation Officer at Spirion, where his focus is on the strategy and technology propelling Spirion’s rapidly growing security platform. A cybersecurity industry veteran with a 19-year tenure in cybersecurity, he has spent much of that time as a security practitioner, aligning security innovations with business objectives for Fortune 100 organizations. Gabe is an information security thought leader, privacy advocate and public speaker.