Combating Today’s Ransomware Attacks Requires a Multipronged Approach

Although the number of attacks declined in the first half of 2022, ransomware remains the most significant cybersecurity threat organizations face. In a recent SpyCloud survey of IT professionals in organizations with 500 or more employees, 90 percent said they had been affected by ransomware in the preceding 12 months. What’s more, 65 percent of these attacks successfully encrypted data, up from 54 percent the previous year. Many organizations suffer multiple attacks. The study found that 50 percent of organizations were attacked two to five times, 20 percent six to 10 times, and 7 percent 10 or more times. Smaller organizations with fewer than 1,000 employees were as likely to be affected as large enterprises.

The costs are substantial. Organizations paid an average of $1.4 million to remediate ransomware attacks, including mitigation and recovery costs, lost productivity and impact on customer-facing services. In a survey conducted by research firm Vanson Bourne, 90 percent of organizations said that a ransomware attack shut down their operations, and 86 percent said they lost revenue. A Censuswide study found that 37 percent of organizations had to lay off employees as a result of a ransomware attack.

Evolving Attacks

Cybercriminals continue to refine their techniques. The first ransomware attacks were technology-driven and relatively unsophisticated, leading organizations to focus on data backup to mitigate risk. Attackers responded by encrypting backups to prevent recovery, and by exfiltrating data prior to encryption to increase the odds that the victim would pay. Ransomware-as-a-Service (RaaS) soon became available on the Dark Web, allowing hackers to use ready-made tools in exchange for a share of the ransom payment.

The latest attacks are far more sophisticated. RaaS operators now partner with a skilled hacker who is able to gain access to the victim’s network. They work together to find weaknesses and target the most sensitive data for encryption. The hacker with inside access can also locate and disable security tools and online backups. The complex profit-sharing arrangement may also involve a third hacker who enables access using stolen credentials or back doors that are already in place.

Beyond Backup

Backup still plays a central role in ransomware mitigation. Organizations should ensure that they have a reliable backup system, test it regularly, and use an “air-gapped” approach to prevent ransomware from reaching backup repositories. Immutable backup is another option — the data cannot be altered or deleted, even by an administrator.

Data backup isn’t a panacea, however. Recovering data from backup takes time and isn’t foolproof. Typically, there is some degree of downtime and data loss.

Furthermore, today’s sophisticated attacks require a multipronged security approach. The proliferation of endpoints has greatly expanded the attack surface, making it critical to keep devices patched, require strong credentials and use multifactor authentication. Endpoint detection and response (EDR) tools can help identify and block attacks that begin on endpoint devices.

Tools and Techniques

Extended detection and response (XDR) goes further, providing greater visibility into servers, applications, networks, endpoints and the cloud. XDR tools collect and correlate data from across the enterprise to help spot unauthorized access. Of course, minimizing the attack surface and following best practices will reduce the “noise” that IT teams have to sort through to detect threats.

DeSeMa’s security experts can assess your security controls and identify gaps and weaknesses that could give hackers a foothold to launch a ransomware attack. We can also segment your network to prevent hackers from moving laterally throughout your environment, and implement policy-based controls to prevent unknown and unsecured devices from accessing the network. We can help you take advantage of new security tools and better utilize existing resources.

In a recent Enterprise Strategy Group study, 96 percent of organizations said they believe that their ransomware preparedness has improved over the past two years, but 70 percent had experienced a successful attack. DeSeMa can help you bolster your defenses to prevent attackers from accessing systems and data and become more effective at detecting and blocking ransomware.
