Google Warns On ‘Destructive, Financially-Motivated’ Ransomware Threats In Services Pitch
Google has spelled out the emerging threat of ransomware and “best practices” to combat it.
The post (authored by Phil Venables, Vice President, Chief Information Security Officer, Google Cloud, and Sunil Potti, VP/GM, Google Cloud Security) underscores the intractability of ransomware and how the threat is evolving.
Much of the discussion centers on Google products and the authors are quick to point out the benefits of Google Cloud and other Google software and services but, more broadly, the safeguards apply to any organization looking to fend off ransomware attacks.
Ransomware, in its basic form, encrypts an organization’s files, effectively locking out an organization from its most valuable data. Ransom is then demanded to unlock the files.
Putting ransomware in perspective: it isn’t novel
“Ransomware…isn’t a novel threat in the world of computer security,” the authors say. “Destructive, financially-motivated” attackers who demand payment to decrypt data and restore access have been around for years, according to Google.
“Today’s reality shows us that these attacks have become more pervasive, impacting essential services like healthcare or pumping gasoline,” Google says.
Email is not your friend
Google reiterates and reemphasizes what every self-respecting cybersecurity expert will tell you.
“Email is at the heart of many ransomware attacks. It can be exploited to phish credentials for illegitimate network access and/or to distribute ransomware binaries directly,” the authors say.
Chromebook as defense
The authors make good points about the security of Chromebooks. And I can attest to this. I own and use Chromebooks and agree that Chrome OS is more secure than Windows or the Mac (which I also use).
“Chromebooks are designed to protect against phishing and ransomware attacks with a low on-device footprint, read-only, constantly invisibly updating Operating System, sandboxing, verified boot, Safe Browsing and Titan-C security chips,” the authors write.
“Rollout of ChromeOS devices for users who work primarily in a browser can reduce an organization’s attack surface, such as relying too much on legacy Windows devices, which have been found to often be vulnerable to attacks,” according to the authors.
Evolution of the threat
Ransomware groups are constantly evolving their tactics, with the newer approaches sometimes referred to as “double extortion” and “triple extortion.”
These new, added threats include stealing data prior to encryption (and threatening to expose that data) and distributed-denial-of-service (DDoS) attacks.
“Some ransomware operators have used the threat of distributed-denial-of-service (DDoS) attacks against victim organizations as an attempt to further compel them to pay ransoms,” the authors said.
These new tactics are, in fact, now more the rule than the exception, since they give criminal gangs more leverage, and the more leverage the better when trying to extort millions of dollars from an organization.
The authors spell out what organizations need to do, namely:
Pillar #1 – Identify: Develop an understanding of what cybersecurity risks you need to manage
Pillar #2 – Protect: Create safeguards to ensure delivery of critical services and business processes
Pillar #3 – Detect: Define continuous ways to monitor your organization and identify potential cybersecurity events or incidents
Pillar #4 – Respond: Activate an incident response program within your organization
Pillar #5 – Recover: Build a cyber resilience program and back-up strategy
Google is not immune from news linking it to ransomware attacks
Though not included in the Google post (for obvious reasons), Google products also make it into ransomware-related news.
At that time, CISA, FBI, and the Department of Health and Human Services said malicious cyber actors were targeting the Healthcare and Public Health sector with TrickBot and BazarLoader malware, often leading to ransomware attacks, data theft, and the disruption of healthcare services.
“Email received by a victim will contain a link to an actor-controlled Google Drive document or other free online filehosting solutions, typically purporting to be a PDF file,” the CISA advisory said.
Through the phishing emails linking users to Google Documents, bad actors used the bogus files to install malware.