Looking to eliminate any worrying gaps in your ransomware defenses? Our Acronis partner webinar was the place to be!
We spoke to Acronis’ VP Cyber Protection and Research Candid Wüest, VP Cyber Threat Research Expert, who walked us through the threat landscape and gave a demo of Acronis Cyber Protect, one of Atera’s awesome integrations for protecting your business and your end-users.
If you missed the live event, watch it for yourself here, and enjoy these blog highlights!
The state of ransomware today
Candid discussed how in the news we see the big companies and their headline-worthy attacks, but in reality, ransomware is a problem that impacts companies of all sizes. Perhaps it “only” costs smaller companies $10-20,000 instead of many millions, but for a small business, that can be enough to cause severe financial harm.
It was super helpful to see Candid walk us through the five most common cyber threats that attackers use to make their way into the network. Watch the whole webinar for a more in-depth talk about:
- Malicious emails and phishing: Including bypassing your current defenses, such as stealing the 2FA code within the 30-second window.
- Vulnerable remote systems: As employees increasingly work remotely, they need more remote tools and technologies, expanding the attack surface.
- Abusing a trust relationship: MSPs are a good example of this, where bad actors abuse a trusted relationship to attack a whole supply chain.
- Misconfigured cloud services: From weak passwords to poor code management, or infected container environments.
- Ransomware extortion: Very often, this is double extortion where they steal your data and then encrypt it, making backups only part of the solution.
Candid also discussed the trends which the team is seeing at Acronis, including more fileless attacks and Living-off-the-Land, as well as PowerShell and DLL reflective/sideloading.
Evasion is getting easier for hackers, who often start by attempting to uninstall cybersecurity tools and delete backups, to increase the chances of you needing to pay the ransom. Many attackers rely on “off-the-shelf” tools to attempt this, and that reliance on known tooling makes it easier for businesses to remain a step ahead.
However, not all techniques are lazy. The bad guys are also making use of AI and machine learning, using adversarial AI to implant backdoors, flood your environment with events, or bypass thresholds using behavior splitting. At Acronis, there is a robust CPOC – a Cyber Protection Operation Center, where experts work around the clock to uncover new threats and mitigation technologies.
How are the attackers getting inside your environment?
One of the techniques that Candid shared was the use of Initial Access Brokers. If you’re an attacker and you want inside a network, who would have thought you could just ask for it? With this approach, a hacker might ask someone for access to, for example, a company in Brazil of the right size, and pay them a small amount to provide a credential or a way in. They might even pay an insider to execute ransomware on the attacker’s behalf, promising them a cut of the profits. All they need is a single disgruntled employee who is willing to take the risk for a payout on the way out the door.
Initial access can also be gained through all the tactics listed above, from malicious emails and infected links to supply chain attacks. Once inside, attackers will threaten to publish stolen data, send it to competitors, share it with media sites or even the stock exchange, and let privacy regulators, such as those enforcing GDPR, know about the data loss, too.
The important thing to understand is that ransomware bad actors are going far beyond random data encryption. They are increasing the pressure via double extortion or added elements of the attack such as event flooding. They know your business: they perform reconnaissance to understand whether you’re insured or when it would be most difficult for your business to recover quickly. They adapt their techniques to your company, such as changing passwords, putting sleeper backdoors into your backups, or encrypting from your virtual machines.
Understanding your challenges when it comes to ransomware
SMBs are likely to struggle with a lack of in-house resources and expertise, even as their infrastructure and networks are getting more complex. Acronis found that 22% of SMBs are using more than ten tools. Making these work in tandem is a real headache! Getting visibility over them is also a growing challenge! And even if you can get the visibility, how can you automate mitigation to avoid the slow and manual effort of monitoring, protection, and remediation?
Protecting against this needs a smart strategy, and we loved watching Candid walk us through Acronis Cyber Protect. The product is a full endpoint security tool, which started its life as a backup technology. Now, it’s evolved to become next-generation cybersecurity with an advanced AI-based behavioral detection engine, reliable backup and recovery, and also enterprise protection management such as URL filtering and vulnerability assessments.
Acronis offers multilayered protection against threats, with a complete and modern security stack that’s enhanced by data recovery and backup in case the worst occurs. The solution includes vulnerability assessments and URL filtering, specific app-based protections, AI-based analysis, and data protection heuristics. This last tool goes further than signatures and uses an algorithm to analyze behavior, for example spotting the moment that files begin to be encrypted and blocking the action, even if this type of ransomware has not been seen before.
Stay tuned until the end of the webinar, and you’ll see Atera’s Shachar Ron-El, Marketplace Product Manager, who gave a live walkthrough of how to use Acronis with Atera. This includes how to activate your Acronis account and install Acronis on specific devices, plus how to check that Cyber Protect is installed and up to date.
This partner webinar gave too much value to fit in a single blog post! And of course, the whole event includes our favorite part of any webinar, your live Q&A!
You’ll also access:
- Examples of practical ransomware attacks, including fileless and no-macro exploits.
- A live demo of how ransomware works in practice, using a popular example of Ransomware-as-a-Service (RaaS).
- A walkthrough of the Acronis Cyber Protect cloud console, showing how the platform blocks threats in real-time.