
An Updated Framework of Defenses Against Ransomware

August 2020 White Paper
Timur D. Snoke, Timothy J. Shimeall

This report, loosely structured around the NIST Cybersecurity Framework, seeks to frame an approach for defending against Ransomware-as-a-Service (RaaS) as well as direct ransomware attacks.

Publisher: Software Engineering Institute

Abstract

The proliferation of tools and techniques to disrupt enterprise systems has evolved from those capable of supporting merely opportunistic attacks to those enabling targeted attacks. Furthermore, attackers continue to develop methods for monetizing their efforts, resulting in ransomware, a very disruptive threat to business as well as governmental departments and agencies. Ransomware developers are now selling their tools as a service, enabling attackers (individual criminals, organized crime, ideological hackers, or nation-state teams, all hereafter referred to as affiliates) to use tools they do not build or maintain to attack vulnerable systems.
 
In the last few years we have seen a rise of successful ransomware affiliates that purchase the malware that they use and incorporate it into a ransomware tool chain that is targeted to a specific victim. These attackers lock victims out of their own data, usually by encrypting it, and attempt to extort money to restore the victim’s access to the enterprise data under threat of data destruction or disclosure as a response for non-payment. Recent high-profile cases, including attacks attest to the seriousness of the problem. In each case, the victims suffered operational disruptions with monetary losses.
