In 2020, ransomware attacks led to ransoms totalling $370m paid: as much as Kanye West, Roger Federer and Neymar earned combined. That number has since skyrocketed to $590m for H1 of 2021, more than the annual GDP of at least 11 nations. Whichever way you look at it, cybercrime is big business.
While cybercrime has become a disappointing reality of modern life and business, ransomware is particularly on the rise. In fact, some reports put its year-on-year growth at as much as 1,070%. The past two years have created an almost perfect breeding ground for these kinds of attacks, with the shift to remote work, distance learning and increased connectivity in everything from cars to industrial machinery.
As the name suggests, ransomware is based on cybercriminals withholding access to systems or files and charging a ransom for their release. The most common attack vectors are either email phishing, remote desktop protocol or existing software vulnerabilities. There are two main classifications of ransomware attacks:
- Crypto Ransomware: Sensitive information from the victim’s computer is encrypted with a ransom demanded for its decryption
- Locker Ransomware: The victim’s machine and data files remain safe, but devices or user interfaces are locked, and a ransom demanded for their unlocking
So how does one protect himself against ransomware? The key is in taking a proactive approach to prevent rather than remediate. Here are some of the main ways you can secure your business:
- User Account Management
The first steps are often the simplest and that means ensuring good data hygiene and management of user accounts. Password policies with robust controls such as minimum character limits yet are user friendly are vital to minimise the risk of phishing. In addition, Multifactor Authentication (MFA) is a critical security control which can help when passwords are compromised. But remember, not all MFA is made equal: one-time SMS codes are easily intercepted so use mobile ‘push’ notifications where possible
- Network Segmentation
Some ransomware attacks employ Server Message Block (SMB) worms which can rapidly spread and disrupt large areas of a network. Network segmentation allows these types of attack to be contained and damage minimised. While there is no ‘best’ way to segment, segmentation is a best practice – make the decision that works best for your architecture and keep less trusted parts of the network separate from the rest.
- Endpoint Detection & Response (EDR) / Extended Detection & Response (XDR)
Catching unusual activity is a great means of protecting your business from ransomware attacks. EDR systems track and analyse users and network traffic to give us visibility against threats at the endpoint level. XDR takes this a step further, providing a platform to protect you from a wide range of threats to your endpoints, network, users, and cloud workloads
- Security Information & Event Management (SIEM)
Timeliness is important when fighting any kind of cyberthreat. SIEM solutions provide real-time threat analysis of security alerts from applications and hardware, rooting out attackers at the early stage before it’s too late. SIEM Use Cases can then be installed and in turn take preventative measures against prospective attacks which improves the effectiveness of the SOC.
- Anti-Ransomware Security Software
Anti-Ransomware Tool is a great place to start when creating your defences against ransomware. Fast and easy to use, it provides solid protection against a list of common ransomware variants, ‘immunising’ your business against them. For those times when you have been subject to an attack, Ransomware Removal Tool enables the quick removal of an infection.
- Ransomware Vaccination
Some malicious programs can leave markers on the endpoint, to prevent from infecting it twice. A ‘vaccine’, however, can be used to ‘inject’ these infection markers and block the encryption process of known ransomware ‘strains.
- Securing DNS
The domain Name System (DNS) is the phone book of the internet, a core component of navigating everything from email to browsing. Cyber criminals often exploit domain names, lacing phishing emails with malicious links to redirect traffic to malicious destinations or allow attackers to take control of the DNS infrastructure itself. Preventing the resolution of malicious domain names is one of the best practices to protect users and organisation.
- Sandbox
Being prepared is an important step for your business. A sandbox is an environment that tricks malware into believing it is interrogating external servers when it is actually communicating with fake sandbox IP addresses. It allows you to detect and analyse advanced attacks in a secure environment, protecting your business from email threats.
- Data Backup
Sometimes it might be the case that ransomware does take hold. In those instances, the best course of action can be to delete everything and start again. Cybercriminals will look to target data backups too, so you need to protect these too. The 3-2-1 backup strategy is a well-known approach – have three copies of your data, two in different media and one kept off-site. Assume the worst and backup your backups. With this, should you be victim of a ransomware attack, you’ll have the tools to rebuild your servers and workstations.
Find out how Expleo can help protect your business against Ransomware and other threats, securing you today and tomorrow.
