How to battle the growing threat of ransomware
By Phil Richards, CSO, Ivanti
As the cybersecurity landscape becomes more complex, ransomware incidents become more frequent and remunerative for those who carry them out.
In the past, assailants targeted random victims on the web and obtained small sums of money in return, but now these attacks can be aimed at specific organisations and tailored in order to demand much more substantial ransoms. Prime targets of this new, more lucrative approach are naturally large organisations, for example governmental or academic institutions. The public or sensitive information these organisations work with, and the importance of keeping their IT records private, make them ideal targets.
It’s almost unnecessary to point out the devastating consequences of ransomware attacks: last year, such an incident cost aluminium maker Norsk Hydro £45m. It’s clear that protection against these attacks should be high on the agenda of companies of all sizes. Because there are a multitude of ways ransomware can work its way into a system, implementing an effective defence against these threats can seem near impossible. However, organisations can reinforce their protection with a layered approach to security.
A complex network of hackers
Ransomware is an ever-evolving beast, with new strains constantly being developed. This unpredictability, coupled with the increasingly targeted nature of attacks, is allowing cybercriminals to demand larger sums.
Taking a look at the hackers behind the growing threat of ransomware, we know there is a complex but organised ecosystem of individuals perpetrating these attacks. The practice of Ransomware-as-a-Service (RaaS) is gaining popularity, giving way to a real ‘supply chain’ of ransomware, with individuals distributing it ‘ready to go’, making it easy to source and utilise. While some cybercriminals specialise in creating ransomware, others are expert in deploying it (in other words, actually getting it past the organisation’s defences), so these attacks are now even more effective and dangerous.
Back to basics
In order to construct a robust defence, companies need to nail the basics of cybersecurity. To do this, they can leverage existing control frameworks, such as the CIS Critical Security Controls. The result should be a layered approach, a combination of different security measures designed to cover all the bases and ensure optimal protection from ransomware.
Sound and effective patching should undoubtedly be a part of this layered strategy. Correctly deploying patches is known to be complicated and time-consuming, which is why organisations should automate their patch management processes to mitigate these challenges. Automation empowers security teams to promptly pinpoint known vulnerabilities and apply the appropriate patches to the vulnerable systems. With automation, patching activities can easily be repeated and scaled. This strategy also makes patch auditing far simpler: relying on automation for patching means patches are reliably and effectively deployed, granting auditors the necessary visibility.
Patching is a great place to start. However, optimal protection against ransomware can only be achieved by combining it with other forms of cyber defence. The additional elements include, for example, whitelisting: keeping on top of trusted and untrusted applications and users, and disabling those that are potentially dangerous. Antivirus protection is also critical.
According to Verizon research, 34% of security breaches occur as a result of internal actors. Intentionally or unintentionally, workers can open the doors of an organisation to security threats. This is particularly true when it comes to ransomware.
Companies must ensure the entirety of their workforce is aware of the many ways ransomware can break the network’s defences, so they can be constantly alert and avoid falling for the tricks spun by cybercriminals. For example, phishing is a well-known, often successful, tactic utilised by hackers to perpetrate a cyberattack. Disguised as a genuine email, a phishing attack appeals to an unaware staff member, inviting them to click on a malicious link which then grants the hacker access to the network. The ransomware is now able to encrypt the organisation’s files, so that the hacker can demand a ransom in exchange for the safe return of their data. Driving awareness of these risks among the workforce means reducing the chances that an unsuspecting staff member could click on a potentially dangerous link, without making sure the email received is legitimate.
When the worst does happen
While aiming to create a solid, fool-proof defence is certainly indispensable to fend off the threat of ransomware, companies also have to be prepared for the worst-case scenario. Savvy organisations will have a disaster recovery plan in place which likely involves regularly backing up their most valuable data off-site, empowering them to regain access in case it is encrypted by a ransomware attack — without having to pay the ransom demanded by the hacker.
A multifaceted, ever-changing security threat such as ransomware can seem intimidating. However, if companies implement a combination of measures in a strategic, layered approach, accompanied by security education initiatives and a sound back-up plan, they are on the right track to preventing and managing these attacks.