�����Ƶɫ

Defending Against Ransomware Means Preventing It

With the increasing rate of ransomware attacks, it isn't matter of��if��you��will��experience��an attack, but��when.��As reported by��, the global volume of ransomware rose to 304.7 million in the first six months of 2021. That’s 0.1 million more than the total number��of��attack attempts recorded��by security researchers��in all of 2020.��Organizations need to be on the offense when it comes to defending against ransomware attacks. But what does “ransomware defense” mean exactly and what does it look like in practice?��Let’s break it down.����

Understanding the Costs of a Ransomware Attack��

������, Cybereason observed that a��ransomware��attack��inflicts multiple points of damage against a victim.��These costs��make��defending against ransomware��difficult once an attack has begun.��

Consider the following findings from Cybereason’s study:��

• Two-thirds��of respondents indicated that their organization��had��lost significant revenue following a ransomware attack.��
• More than half��(53%)��of survey participants reported that a successful ransomware attack��had��damaged both their brand and their reputation.��
• Close to a third��(32%)��of organizations revealed that they��had��lost C-Level executives as the direct result of a successful ransomware attack.��
• A slightly lower proportion��(29%)��of survey respondents found themselves in a position where they needed to lay off employees due to the financial pressures that they��had��incurred following a ransomware infection.��
• About a quarter��(26%)��of organizations wrote that a ransomware attack��had��forced them to temporarily��suspend operations at��their business.��

Paying the ransom didn’t alleviate the costs for victims. Sometimes,��victims��couldn’t��recover their information even after paying the requested ransom.��Nearly half (46%) of respondents in Cybereason’s survey said that they��had��regained access to their data after fulfilling a ransom demand but that the attack��had��left some or��all of��their data corrupted. Only 51% of victims regained access to all their data without any data loss after paying the ransom, while three percent didn’t restore any of their data following payment.��

Other times, complying with a ransomware attacker’s demands just made things worse by inviting follow-up attacks. Of those organizations that told Cybereason they had paid the ransom, for example, four-fifths��said they had��incurred another ransomware attack. Nearly half (46%) of those respondents believed that the attack originated from the same attackers. Meanwhile, 34% articulated their belief that the attack had originated from a different ransomware group.����

Follow-up attacks aren’t uncommon with ransomware actors. As I noted in��my article on double extortion,��digital attackers don’t always honor instances in which victims pay the��ransom��for��the deletion of their stolen data.��Security researchers observed some gangs re-extorting victims for the same data just weeks after receiving a ransom payment—all to collect even more money. Other ransomware gangs went ahead and posted a victim’s stolen information on their data leaks website despite having already collected payment.��

Understanding Ransomware Defense

So, what do Cybereason’s findings mean when it comes to defending against ransomware?��They highlight how��organizations��can best��defend against ransomware��by trying to��prevent an infection from occurring in the first place.��One way to do��this��is to��reduce��the risks��associated with phishing emails by investing in a��security solution��that scans their incoming email messages for IP addresses, campaign patterns, and other threat behaviors. If the solution conducts its analysis in real time, it will also ensure that organizations can remain protected without suffering extended��business disruption.��

�ճ��������agrees with the need to implement an email filtering solution to prevent phishing,��but they have also��issued a list of��other��promising��recommendations��to prevent��ransomware attacks:��

1. Apply��best practices when using��RDP /��remote desktop services��to��prevent��attackers��from using this as a common entry point.��
2. Regularly scan and audit��for��network��vulnerabilities��– CISA offers various no-cost scanning��services. Also, with email being��one of��(if not��the most)��common threat vector��for ransomware,��you can��also��conduct an��email security��audit��to help source and remediate��potential vulnerabilities��quickly.��
3. �������������������Ǵڳٷɲ��������ܱ�-�ٴ�-�岹�ٱ���including operating systems, servers, applications,��anti-virus��and��anti-malware software,��and every other potential software that can be abused to gain access to your network.��
4. Secure��all��devices (laptops, mobile phones, etc.)��that have access to your network��and ensure they follow company��security policies.��
5. Employ��multi-factor authentication (MFA)��rather than allowing users to login with a password alone.��
6. Implement a cyber security awareness training program��for��employees to know the risks of working in a digital world.��
7. Manage access properly��like limiting privileged accounts and developing an allow list for applications.��
8. Have a��robust��data��backup strategy��in place��that backs up your data regularly – this won’t necessarily prevent ransomware threats, but it will surely help you recover��data from any point in time��if the need arises.��

You can read��CISA’s��full recommendation on ransomware-caused data breaches����or��continue reading about��other��ransomware��topics��by��navigating��to��the��Secure Modern Workplace blog series.��