In a recent turn of events, the International Joint Commission, responsible for managing water rights along the US-Canada border, fell victim to a ransomware attack. The incident raised concerns as the attackers, NoEscape ransomware group, claimed to have stolen a substantial 80GB of sensitive data, including contracts, employee information, and legal documents.
According to Verizon’s 2022 data breach report, ransomware attacks saw a 13% increase in the past five years. This shows the rising threat of ransomware groups and the importance of adopting cyber security measures.
Who is NoEscape?
NoEscape is a ransomware-as-a-service operation that emerged in May, employing a double-extortion approach. Rather than immediately encrypting victims' files and demanding a ransom, NoEscape first exfiltrates the data and then threatens to leak it if the ransom is not paid. Notably, the group avoids targeting organizations within the former Soviet Union, aligning with the strategies of ransomware groups like Conti and Black Basta. NoEscape is believed to be a rebrand of Avaddon, a group that ceased operations in 2021.
NoEscape has already victimized several organizations, including the University of Hawaii, Italian consultancy firm Kreacta, Lithuania's Republican Vilnius Psychiatric Hospital, and Taiwanese electronic connector manufacturer Avertronics. These attacks underscore the urgency of addressing the ransomware threat.
Threat modeling to the rescue
There are 1.7 million ransomware attacks every day which means every second 19 ransomware attacks. The first half of 2022 saw nearly 236.7 million ransomware attacks worldwide. Ransomware is expected to cost its victims around $265 billion (USD) annually by 2031. These statistics sheds light on the urgency to have cyber security measures in place to protect your organizations.
Threat modeling plays a pivotal role in mitigating the risk of ransomware attacks like the one experienced by the IJC.
Now let us discuss the ways in which threat modeling can help protect your system, organizations against these kind of attacks:
- Threat modeling involves systematically identifying potential vulnerabilities in an organization's systems, processes, and infrastructure. This includes weaknesses in software, configurations, employee practices, and more. By understanding where vulnerabilities exist, organizations can take steps to address them before attackers can exploit them for ransomware attacks.
- Attack Surface Reduction: One of the key goals of threat modeling is to reduce an organization's attack surface, which refers to the points of entry or potential weaknesses that attackers can target. By understanding and addressing vulnerabilities, organizations can systematically reduce their attack surface, making it harder for ransomware actors to gain access.
- Threat modeling encourages a security-by-design approach. It means integrating security considerations into the development and implementation of systems and processes from the very beginning. This proactive stance ensures that security is not an afterthought but a fundamental part of every aspect of an organization's operations.
- Scenario Planning: Threat modeling involves considering various attack scenarios, including ransomware attacks. By simulating how attackers might exploit vulnerabilities, organizations can develop effective incident response plans and strategies for dealing with ransomware incidents. This preparedness can significantly reduce the impact of an attack.
- Threat modeling helps organizations decide on and implement appropriate security controls and measures to mitigate identified risks. These controls can include network segmentation, access controls, regular software patching, and employee training to recognize phishing attempts – all of which are crucial in defending against ransomware attacks.
The ransomware threat, posed by groups like NoEscape, demands immediate attention. To safeguard against such attacks, organizations must prioritize threat modeling as an essential cybersecurity strategy. In this context, ThreatModeler, a leading threat modeling platform, can prove invaluable in identifying and mitigating vulnerabilities before they turn into costly breaches.
The time to act is now, with ThreatModeler - Build a robust security architecture.