The ransomware threat is worse than ever, and there’s no end in sight. The damage caused by ransomware nearly doubled from $11.5 billion USD in 2019 to over $20 billion in 2020, and 2021 is shaping up to be even worse. In 2021, we’ve already seen some of the biggest ransomware attacks ever, including a $40 million ransom paid by CNA Financial.
At the same time, the COVID-19 lockdowns have left companies more exposed to cyberattacks than ever before. More and more business is moving online, so a disruption of IT systems has a bigger impact than it used to.
This presents a unique challenge for CIOs. Although most ransomware attacks are not caused by any mistake on the part of a CIO, it’s the CIO who usually has to answer for them. Thankfully, there are a number of preventative and preparatory measures that can reduce both the incidence of ransomware attacks and the severity of attacks when they do occur.
Keep Your Baseline Security Strong
The vast majority of ransomware attacks happen because basic security hygiene has been neglected. Multi-factor authentication, locking down RDP ports, next-generation antivirus software, and always keeping up to date with patches and updates are all essential.
If you can afford to have someone in-house monitor network activity, this can also help detect the presence of an attacker in the network before a ransomware attack is launched. There are also many third-party services that can monitor network activity remotely.
Prepare for the Worst
It’s good to be optimistic, but it’s important, especially these days, to prepare for the worst. It’s easy to concentrate on preventing ransomware infections, because that’s the best case scenario, right? No hacks at all.
The reality is that almost every company will get hit by ransomware at some point, so it’s necessary to prepare for it. One of the most important actions is to prevent ransomware from spreading laterally through a network once a single machine is compromised. This is accomplished by using strong passwords and implementing multi-factor authentication within the network.
Strong, regular backup procedures are also key. If you have current backups, recovering from a ransomware attack can be as simple as wiping the affected systems and restoring them. It’s important to take care when securing backups, though, as they are one of the first things attackers will look for.
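Monitoring network activity (above) and preventing lateral spread both come down to noticing one account suddenly reaching many machines. As an added illustration that is not part of the original article, this script flags accounts that log on remotely to several distinct hosts within a short window; the log lines, account names, hosts and thresholds are all constructed for the example.

```python
"""Flag accounts fanning out to many hosts in a short window (constructed data)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the shape of Windows Security 4624 logons:
# time, account, source address, target host, logon type (3 = network, 10 = RDP)
SAMPLE_LOGONS = """\
2021-06-01T02:10:05,CORP\\svc_backup,10.0.5.20,FS01,3
2021-06-01T02:11:40,CORP\\svc_backup,10.0.5.20,FS02,3
2021-06-01T02:12:12,CORP\\svc_backup,10.0.5.20,HR-DB,3
2021-06-01T02:13:57,CORP\\svc_backup,10.0.5.20,DC01,10
2021-06-01T09:00:01,CORP\\jdoe,10.0.8.14,FS01,3
2021-06-01T14:30:22,CORP\\jdoe,10.0.8.14,FS01,3
2021-06-01T08:15:00,CORP\\asmith,10.0.8.31,PRINT01,3
2021-06-01T16:45:00,CORP\\asmith,10.0.8.31,FS02,3
"""

WINDOW = timedelta(minutes=15)    # how quickly the fan-out has to happen
HOST_THRESHOLD = 3                # distinct hosts that trip the alert (assumed)
REMOTE_LOGON_TYPES = {"3", "10"}  # network and RemoteInteractive (RDP) logons


def parse_logons(text):
    """Parse the CSV-like lines into sorted (time, account, host) tuples, remote logons only."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, account, _src, host, logon_type = line.split(",")
        if logon_type in REMOTE_LOGON_TYPES:
            events.append((datetime.fromisoformat(ts), account, host))
    return sorted(events)


def find_lateral_movement(events, window=WINDOW, threshold=HOST_THRESHOLD):
    """Return {account: sorted hosts} for accounts reaching >= threshold distinct hosts in one window."""
    by_account = defaultdict(list)
    for ts, account, host in events:
        by_account[account].append((ts, host))
    alerts = {}
    for account, hits in by_account.items():          # hits are already time-ordered
        for i, (start, _) in enumerate(hits):
            hosts = {h for t, h in hits[i:] if t - start <= window}
            if len(hosts) >= threshold:
                alerts[account] = sorted(hosts)
                break
    return alerts


if __name__ == "__main__":
    for account, hosts in find_lateral_movement(parse_logons(SAMPLE_LOGONS)).items():
        print(f"ALERT {account} reached {len(hosts)} hosts within {WINDOW}: {', '.join(hosts)}")
```

A backup service account touching file servers, a database and a domain controller in four minutes is flagged, while users who return to the same share all day are not; real deployments would tune the window and threshold to their own baseline.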
It’s also a good idea to encrypt data stored on servers. As many companies improve their backup procedures in response to the ransomware threat, more and more hackers are relying on threats to publicize sensitive data. This could be trade secrets, or sensitive information about clients. If data is encrypted, even if hackers access it, they can’t use it for blackmail.
Another way to prepare is to have a well thought out ransomware response plan in place. Many times, ransomware victims panic when an attack happens and make bad decisions. Hackers are aware of this, so they will try to pressure victims by putting time limits on them, like demanding payment within 48 hours, and then threatening to double the ransom if they are not paid.
It’s possible to rehearse a ransomware response plan in advance, so when it actually happens it’s just a matter of following the steps in the plan.
Don’t Underestimate the Human Factor
It’s a common mistake to focus excessively on technical solutions. You might think that because you have the latest next-generation anti-malware software, machine-learning-powered endpoint detection and response, and robust update and patching procedures, you’ve covered your bases. This is not the case: while many ransomware attacks exploit some kind of software vulnerability, the majority of attacks rely on phishing.
There are two ways to reduce the risk of phishing attacks. One is to apply the principle of least privilege, and the other is to increase phishing awareness among employees. By using both of these approaches, it’s possible to optimize anti-phishing efforts.
The principle of least privilege means that everyone who uses a network has only the absolute minimum privileges they need to do their job. Once privileges have been mapped this way, it becomes clear which employees hold access that would make a successful phish most damaging, so phishing awareness efforts can be focused on them.
Another issue is trust. Some ransomware gangs are now offering bounties of up to $100,000 USD to employees who are willing to inject ransomware into a company’s systems. So be nice to your employees!
A Little Bit of Prevention Goes a Long Way
This may sound intimidating. Many of these security upgrades mean totally restructuring workflows and, in some cases, network architecture. However, even implementing a few of these precautions can prevent a huge number of potential ransomware attacks.
For example, a huge number of attacks use unsecured RDP endpoints or some form of phishing. By simply securing RDP and taking some time to regularly brief employees on the latest phishing techniques, ransomware attacks can be reduced substantially.
Of course, more security is better, but realistically, not every company has the time or the budget for a complete suite of cybersecurity solutions. That’s why it’s wise to keep up to date with trends in ransomware and focus cybersecurity efforts on the most common types of attacks.
About the author
Jeff Stout is a cybersecurity consultant with Beforecrypt. His work brings him into daily contact with both victims and hackers involved in ongoing ransomware cases.