Ransomware is now one of the fastest-growing threats in cybersecurity, with damages predicted to cost $20 billion globally by 2021, up from $354 million in 2015.

But if you work in infosec, you probably knew that. We’re not here to tell you ransomware is a problem. But we are here to examine what security teams are doing to defend against it, and what techniques are emerging as best bets to mitigate ransomware.

Early ransomware defenses centered on signature-based detection, which worked well against specific ransomware attacks once they had been identified, according to Mike Schaub, information security manager at CloudCheckr. But with new kinds of ransomware cropping up that behave differently, there is now a need for new kinds of detection.


“These include better behavioral or heuristic analysis, or the use of canary or bait files for better detection early on of an attack layered with protections of the files themselves — such as backing up files before a suspicious process encrypts them, whitelisting encrypting processes,” he says.


While classic cryptoransomware simply locked up access to systems, it’s now trendy for ransomware attackers to also threaten victims with data theft and doxxing.

“Extortion through not only the encryption, but copying of data and threatening to leak it if a ransom isn’t paid,” says Schaub. “This threat of exfiltration has different behaviors to look for in ransomware defense.”


Continue reading How Ransomware Defense Is Evolving With Ransomware Attacks on Dark Reading.