Hospitals throughout the UK were alerted early Friday morning of a potential ransomware attack, but by the time anyone could act, it was too late. The ransomware was already spreading and disrupting systems across the globe as part of a major infiltration. Ransomware remains one of the leading threats facing organizations today and is the Achilles heel of security teams struggling to keep up with multitudes of alerts.
This time, hospitals in the UK were crippled by a “large-scale” cyber attack that forced operations to be canceled and ambulances to be diverted. Health workers reported being locked out of their systems and seeing messages demanding ransom payments to regain access (the very definition of a “ransomware” attack).
Ransomware Attack Spreads
At least 16 organizations connected to the National Health Service (NHS) in England reported being affected. NHS Digital is said to be working with the government’s National Cyber Security Centre, the Department of Health and NHS England to help affected organizations “to manage the incident swiftly and decisively”.
There is little question that ransomware attacks and their severity are increasing rapidly. The FBI recently issued an alert about the broader category of rogueware, which includes ransomware and fake antivirus scareware scams. According to the FBI, criminals are netting an estimated $150 million a year through these scams.
In the wake of these kinds of attacks, with the risks escalating, security leaders in the private and public sectors are forced to ask themselves what more they could be doing. Accepting that these attacks are going to keep happening, how do we arm organizations and their security teams to respond when they are already strained under the weight of alerts? Adding to the challenge, detection systems can generate a large volume of false positives, making it difficult for analyst teams to triage and respond to these kinds of threats. As we are seeing in real time today, once devices within your environment are infected, regaining control from ransomware can be tedious and time consuming.
Security Orchestration Emerges
Given the speed at which a typical ransomware attack goes from alert, to incident, to damage, this is an area where security orchestration shines. Siemplify’s ThreatNexus Security Orchestration platform can help you investigate, block, and contain ransomware threats. Ransomware playbooks can automate the triage process for ransomware alerts and enable analysts to deal with the growing volume of ransomware threats. Most importantly, when an incident does occur, ThreatNexus gives analysts the visibility to investigate and remediate these threats quickly to minimize damage. If true orchestration is embraced, and the whole SOC is managed from end to end, then the inevitable next attack can be repelled much more efficiently.
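To make the playbook idea concrete, here is an added example of what automated ransomware triage can look like in code. It is illustrative code written for this post, not ThreatNexus or any other vendor's API. It scores each host from endpoint file events (mass renames to a ransom extension, creation of a ransom note) and recommends containment steps, while letting a backup server that legitimately renames thousands of files fall through as a low-severity false positive. The indicator lists, the threshold, the host and process names, and the events themselves are all constructed assumptions.

```python
"""
Added example, not code from the article or from Siemplify's product: a small
triage playbook that scores ransomware alerts from endpoint file events and
recommends containment steps. Every name, threshold and event below is an
assumption constructed for illustration.
"""
from collections import Counter
from dataclasses import dataclass

# Assumed indicators; a real playbook would pull these from threat intelligence.
RANSOM_EXTENSIONS = {".encrypted", ".locked", ".crypt"}
RANSOM_NOTE_NAMES = {"readme_decrypt.txt", "how_to_recover_files.html"}


@dataclass
class FileEvent:
    host: str
    process: str      # executable that performed the action
    action: str       # "rename" or "create"
    path: str         # resulting file path


def _extension(path):
    dot = path.rfind(".")
    return path[dot:].lower() if dot != -1 else ""


def _basename(path):
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def triage_host(host, events, rename_threshold=50):
    """Score one host's events; returns (severity, reasons, recommended actions)."""
    renames = Counter()  # process -> renames to a ransom extension
    notes = Counter()    # process -> ransom notes written
    for ev in events:
        if ev.host != host:
            continue
        if ev.action == "rename" and _extension(ev.path) in RANSOM_EXTENSIONS:
            renames[ev.process] += 1
        elif ev.action == "create" and _basename(ev.path) in RANSOM_NOTE_NAMES:
            notes[ev.process] += 1

    reasons, actions = [], []
    severity = "low"
    # Mass renames by one process above the threshold: contain immediately.
    for proc, n in renames.items():
        if n >= rename_threshold:
            severity = "high"
            reasons.append(f"{proc} renamed {n} files to a ransom extension")
            actions += [f"isolate host {host}", f"kill and quarantine {proc}",
                        "open incident"]
    # A ransom note alone is strong evidence but not yet proof of encryption.
    if notes and severity != "high":
        severity = "medium"
        reasons.append(f"ransom note(s) written by {', '.join(notes)}")
        actions += [f"collect artifacts from {host}", "escalate to analyst"]
    if severity == "low":
        actions.append("close as false positive after spot-check")
    return severity, reasons, actions


def triage_all(events, rename_threshold=50):
    """Run triage for every host in the event stream; returns host -> result."""
    hosts = sorted({ev.host for ev in events})
    return {h: triage_host(h, events, rename_threshold) for h in hosts}


# Constructed sample: one infected workstation and one backup server doing
# normal work (many renames, but to a benign extension).
SAMPLE_EVENTS = (
    [FileEvent("ws-017", "suspect.exe", "rename",
               f"C:\\Users\\a\\Docs\\file{i}.docx.encrypted") for i in range(60)]
    + [FileEvent("ws-017", "suspect.exe", "create",
                 "C:\\Users\\a\\Docs\\readme_decrypt.txt")]
    + [FileEvent("bkp-02", "backupd", "rename", f"/srv/backup/db{i}.bak")
       for i in range(500)]
)

if __name__ == "__main__":
    for host, (sev, why, todo) in triage_all(SAMPLE_EVENTS).items():
        print(host, sev, why, todo)
```

Running it marks ws-017 as high with isolation and quarantine actions, and bkp-02 as low despite its 500 renames. The rename threshold is the knob that trades false positives against time-to-containment; the point of orchestration is that the analyst tunes that decision once rather than re-making it for every alert.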