Intelligent CISO Issue 83 | Page 33

PREDICTIVE intelligence

How threat actors use C2 and data exfiltration as part of double extortion

Krupa Srivatsan, Senior Director, Cybersecurity Product Marketing at Infoblox, tells us why proactive protection against ransomware is critical.

Ransomware attacks have become a significant concern for organisations worldwide, with the frequency and success of these attacks continuing to rise.

Ransomware attacks can have devastating consequences for businesses, including costly downtime, data theft and reputational damage. The average downtime and recovery time after a ransomware attack is 22 days, with a conservative estimate of the cost of downtime being US$43.2 million.
Typically, in ransomware attacks, cybercriminals gain access to a company's data and use encryption to prevent users from accessing that data until a ransom is paid. As these types of attacks became widespread, organisations started to keep robust backups so that they could recover their data in case of a ransomware attack and would not have to pay the ransom.
To increase the pressure on victims to pay the ransom, cybercriminals then started to resort to double extortion ransomware, where the attackers not only encrypt sensitive data but also steal the data and threaten to publish it on the Dark Web if the ransom is not paid. Preventing the leakage of sensitive information is critical for companies, as such data leaks can result in fines, loss of brand reputation and lost customers.
Use of DNS by Ransomware for Command and Control ( C2 ) Communications
Once ransomware has infiltrated a company's network and begins executing, it utilises Command and Control (C2) communications to download the encryption key to the end host and encrypt the files. This C2 happens over DNS. DNS C2 is a technique used by cybercriminals to communicate with malware that has infected a target system. In what is also called beaconing, the malware periodically sends DNS queries to the attacker's server to check for new commands. This communication is crucial for controlling the malware and executing malicious activities.
Cybercriminals use DNS for C2 because:
• It is a ubiquitous and essential service in network communications. By embedding commands within DNS queries and responses, attackers can communicate with malware without raising suspicion.
• It provides a level of stealth. Since DNS traffic is usually allowed through firewalls and other security devices, it can be used to hide malicious activities. Attackers can encode commands in DNS queries and responses, making it difficult for security tools to detect and block these communications.
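As an added illustration of the beaconing pattern described above (example code, not from the article or from Infoblox), the following Python sketch scores a resolver log for clients that query one domain at near-fixed intervals with high-entropy leftmost labels, the two traits that together distinguish encoded DNS beacons from benign periodic lookups. The log lines, client addresses and domain names are constructed for the example.

```python
import math
import statistics
from collections import defaultdict

# Constructed sample resolver log (not from the article): "<epoch> <client_ip> <qname>".
# 10.0.0.7 beacons every 60 s with fresh high-entropy labels; 10.0.0.9 is benign periodic time sync.
SAMPLE_LOG = """\
1700000000 10.0.0.7 a3f9c2e1b7d4.c2-example.test
1700000060 10.0.0.7 9e8d7c6b5a41.c2-example.test
1700000120 10.0.0.7 0f1e2d3c4b5a.c2-example.test
1700000180 10.0.0.7 7a6b5c4d3e2f.c2-example.test
1700000000 10.0.0.9 time.example.net
1700000060 10.0.0.9 time.example.net
1700000120 10.0.0.9 time.example.net
1700000180 10.0.0.9 time.example.net
1700000900 10.0.0.5 mail.example.com
"""

def parse_log(text):
    """Parse "<epoch> <client_ip> <qname>" lines into (timestamp, client, qname) tuples."""
    return [(int(ts), client, qname.lower().rstrip("."))
            for ts, client, qname in (line.split() for line in text.splitlines())]

def label_entropy(label):
    """Shannon entropy in bits per character; labels carrying encoded data score high."""
    if not label:
        return 0.0
    probs = [label.count(c) / len(label) for c in set(label)]
    return -sum(p * math.log2(p) for p in probs)

def find_beacons(records, min_queries=4, max_jitter=0.2, min_entropy=3.0):
    """Flag (client, domain) pairs whose queries arrive at near-fixed intervals with
    high-entropy leftmost labels. Grouping on the last two labels is a simplification."""
    groups = defaultdict(list)
    for ts, client, qname in records:
        labels = qname.split(".")
        groups[(client, ".".join(labels[-2:]))].append((ts, labels[0]))
    hits = []
    for (client, domain), events in groups.items():
        if len(events) < min_queries:
            continue
        events.sort()
        gaps = [b[0] - a[0] for a, b in zip(events, events[1:])]
        mean_gap = statistics.mean(gaps)
        jitter = statistics.pstdev(gaps) / mean_gap if mean_gap else float("inf")
        entropy = statistics.mean(label_entropy(lbl) for _, lbl in events)
        if jitter <= max_jitter and entropy >= min_entropy:
            hits.append({"client": client, "domain": domain, "queries": len(events),
                         "mean_interval": mean_gap, "label_entropy": round(entropy, 2)})
    return hits
```

Running `find_beacons(parse_log(SAMPLE_LOG))` flags only 10.0.0.7; the time-sync client has the same 60 s cadence but low-entropy labels, so it is left alone.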
Use of DNS by Ransomware for Data Exfiltration
In addition to using DNS to relay commands/data out of the organisation, ransomware attacks,
WWW.INTELLIGENTCISO.COM 33