Code Story - Most destructive? Ransomware.

Most destructive? Ransomware.

By Code Story • Issue #84 • View online

This newsletter is sponsored by our friends at Anomali. Download their Cybersecurity Insights Report for 2022.

In recent years, no cyberattack payload has been more destructive to business and government organizations than ransomware. And to be clear, this is not new… the earliest variants of ransomware were developed in the late 1980s. This type of malware made a resurgence in 2019 with high profile attacks made on state and local government.

The Impact of these Attacks

The global impact of these attacks was quantified in Anomali’s recently published Cybersecurity Insights Report 2022 that included a Harris Poll survey of security professionals with analysis by the Anomali Threat Research team. In this report, the company found that:

52% of organizations were hit by ransomware attacks in the last three years
39% of victims paid a ransom to regain control of their data and systems.

Solving for ransomware requires a continuous global approach to detection that is rooted in intelligence. Let’s take one of the most notorious spates of ransomware attacks that leveraged three types of malware, Emotet, TrickBot and Ryuk to expertly extort over $61 million dollars from businesses in 2020 according to the US Federal Bureau of Investigations.

To remind readers, Emotet infiltrates an organization, spreading from the primary infected endpoint to other endpoint victims spreading TrickBot which establishes a command-and-control (C2) connection allowing the attacker to assess the victim and then spread Ryuk payload which delivers the ransomware.

Anomali delivers a cloud-native extended detection and response (XDR) solution via The Anomali Platform, that drives detection, prioritization, and analysis, taking security from intelligence to detection in seconds. Companies use Anomali to enhance threat visibility, automate threat processing and detection, and accelerate threat investigation, response, and remediation ultimately helping organizations to detect and respond to ransomware at all stages of the attack.

So, what is a CISO to do?

Have Global Situational Awareness

Even before an organization is hit, a CISO needs to have the global situational awareness to understand the prevalence of these threats in the wild and the impact of these threat actors on their industry and geography. Using the Anomali Platform dashboards, security professionals have the information they need to assess the threat of attack.

www.anomali.com • Share

Stop Initial Access

Using a cloud native XDR solution like the Anomali Platform Cloud XDR, organizations can detect Emotet’s initial access attempt through techniques like spear phishing by correlating the organizations messaging security telemetry together with all globally identified malicious links.

www.anomali.com • Share

Stop the Attack

Using a precision detection from Anomali Platform Cloud XDR, organizations can detect Emotet in their environment with the first infected endpoint and then subsequently automatically updates endpoint security policies to block future threats.

www.anomali.com • Share

Stop the Communication

Using the Anomali Platform machine learning Domain Generation Algorithm (DGA) capability, analysts can quickly identify suspicious command and control connections associated with Emotet and its variants. With key integrations to over 80 security control tools, analysts can automatically update perimeter and cloud security policies to block this communication.

www.anomali.com • Share

Stop the Payload

By this point, an analyst has enough information required on the threat, the threat actor and techniques to understand what is going to happen next. An analyst is able to use the Anomali Platform Cloud Xdr to predict the next stage of the Ryuk powered attack to update all security controls with high fidelity indicators that protect the organization from Ryuk and all of its variants.

www.anomali.com • Share

Read the Anomali Cybersecurity Insights Report and Ransomware Blog to learn more.

Did you enjoy this issue?

By Code Story

Code Story is a podcast, interviewing tech leaders about the roads they travelled creating world changing products. Monthly, we look back at the episodes highlights, happenings for the show and opportunities for support. Stay tuned, and sign up today.

Tweet

Share

In order to unsubscribe, click here.

If you were forwarded this newsletter and you like it, you can subscribe here.

Powered by Revue

Code Story - Most destructive? Ransomware.

Older messages

400k Downloads!!

Meet the email delivery service that people actually like.

Check out our SWAG!

Code Story - February 2022

Easiest, most secure way to access infrastructure.

You Might Also Like

You’re invited: See how Cypris scaled AI search

JSK Daily for Mar 19, 2025

Forget TypeScript, how about porting Doom to Go?

Daily Coding Problem: Problem #1722 [Medium]

Ranked | The World's Fastest Growing Economies in 2025 📊

Web Almanac: JS; syntactic quirks; Parcel v2.14.0; Bun v1.2.5; Node.js on Discord; Node v20.19.0

Microservices rules #7: Design loosely design-time coupled services - part 1

[Report] 69% of Attacks Bypass Defenses

11 Windows apps I always trash 🗑️

⚙️ Nvidia's 'incredible' demand