Staying ahead of threat actors is a game of cat and mouse, with hackers frequently having the upper hand. LockBit was the most widely used ransomware strain in 2023. In the previous year, LockBit was recognised to be the most active global ransomware organisation and RaaS supplier in terms of the number of victims claimed on their data leak site.
New strains of malware emerge as the threat of ransomware grows. The current ransomware strain, Rorschach, is proof of this. It is one of the most rapidly spreading variants on the ransomware market today.
Check Point tested 22,000 files on a 6-core machine and found that all files were partially encrypted in 4.5 minutes. In comparison to LockBit, which was previously thought to be one of the fastest ransomware outbreaks, Rorschach quickly compromised a machine.
What is the purpose of the partial encryption of the files? A novel encryption approach known as intermittent encryption encrypts only a portion of the material, rendering it unusable.
By drastically reducing the time required to encrypt files, security software and personnel have only a limited amount of time to thwart an attack. The outcome is the same: the victim is unable to access their files.
The speed with which encryption is performed is critical since it limits the amount of time available for a user or IT organisation to respond to a security breach. This improves the chances of a successful attack.
Rorschach ransomware, for example, can construct a Group Policy that spreads the ransomware to all machines in the domain if it is successful, even if the attack originally targets just one system.
So, what are the best practises for defending against ever-increasing threats? The three actions listed below are critical for defending yourself and your organisation from Rorschach assaults.
Access control
One of the first stages in safeguarding your organisation is to ensure that each user has only the access they require. Implementing RBAC (Role-Based Access Control) or ABAC (Attribute-Based Access Control) procedures ensures that no user or compromised account can access data outside of its bounds.
With suitable controls in place, you can audit when an account does an action that exceeds its permitted permissions, and fast onboarding and offboarding enable swift responses to security events.
Account policy
Accounts are supported by a strong password policy. This may include following industry standards such as NIST 800-63B or verifying for previously hacked account passwords.
Industry requirements and breached password protection are tough to meet, but software like Specops Password Policy with Breached Password Protection can help.
Ensuring that a user changes their password in accordance with the policy and does not use a previously hacked password guarantees that your organisation is secure.
Data backup
Having good, thorough data backups that cover your entire infrastructure is essential, even in the event of a ransomware attack. If the worst happens, you will be able to quickly rebuild your infrastructure and ensure that you can bring back services and functioning.
You can lessen the effects of a successful ransomware attack and discover what may have been compromised by swiftly recovering.
Bottom line
While the three measures above cannot ensure foolproof security, they can guard you against increasingly complex dangers like Rorschach. There will probably be numerous improvements in the future, even though this ransomware uses special programming to speed up encryption.
Enforcing a tighter password policy helps deter these criminals from looking for easy targets, which is what they frequently do when targeting passwords that have already been obtained.
Additionally, you may use a free download to search your Active Directory for more than 940 million compromised credentials. Make sure no one is using credentials that have already been stolen.
