Ransomware attacks are one of the fastest-growing threats targeting businesses. The number of ransomware attacks is on the rise. Ransomware attacks are also evolving at a rapid pace. Instead of targeting large-scale businesses, the focus has shifted from enterprises to critical infrastructures such as health care facilities and power stations.
According to statistics, ransomware damages will cost businesses $20 billion by 2021. Healthcare facilities will be the prime target for cybercriminals as the number of ransomware attacks targeting health care facilities is set to quadruple in 2020. We have already seen cases in which patients are denied treatment just because the system is not working. Even worse, one patient has died in Germany because a ransomware attack has made the system inaccessible.
Chris Roberts, Hacker in residence with Semperis, summed it up brilliantly when he said, “Ransomware defense needs to continue to evolve, but since we won’t ever be able to evolve as fast as the attackers and industry – and the collective commerce world won’t ever be as nimble as a well-orchestrated group of determined adversaries, we have to think differently.”
So, how can we strengthen our ransomware defenses in order to prevent such issues in the future? In this article, you will learn about seven ways in which ransomware defense is improving with a ransomware attack.
Just like antivirus programs, early ransomware detection systems used a signature-based detection mechanism. It might work for specific ransomware attacks, especially when the information about such ransomware attacks is previously available. Unfortunately, this technique will not work well for today’s ransomware that behaves differently.
To spot modern ransomware attacks, you need a ransomware detection system that performs behavioral and heuristic analysis and leverage bait and canary files for early ransomware detection. Previously, ransomware used to make your system inaccessible but today, cybercriminals are threatening victims with data theft and publishing their sensitive information online.
Cybersecurity professionals have long been raving about the benefits of taking a proactive approach to cybersecurity instead of a reactive one. Thankfully, ransomware defense has listened to them lately. Instead of waiting for an incident to occur, your ransomware defense should be capable of predicting it, anticipate the risk and act before the ransomware attack can wreak havoc. For this, organizations will have to invest heavily in ransomware research, threat hunting capabilities, and adversarial simulation.
David Shear, Threat data governance manager at Vigilante, highlighted how ransomware defense will evolve in the future when he said, “The future of ransomware defense will no longer be simply scanning for vulnerable endpoints and adding ransomware detection to your endpoint protection – but a more thorough searching through your networks to detect anomalous activity – and simulating the ransomware adversaries you hope to defend against.”
With more and more companies opting for cyber insurance, businesses are more open to paying ransom than ever before. This has worked in favor of cybercriminals as they are now asking for higher ransom. We have already seen both victims and attackers are seen negotiating the price and that trend will become even more prevalent in the future.
As ironic as it might seem, this will create a new job role known as ransomware negotiator. They help businesses strike a better deal with attackers and help them decide whether they should pay the ransom or not. At the end of the day, you don’t want to make someone angry who have access to your data; otherwise, you are more likely to lose it forever.
One of the easiest and most effective ways to protect your business from ransomware attacks is to regularly backup your data. If you have a data backup, you can easily restore your data from there if the ransomware attack affects your business. On the contrary, having no data backup will make you play in the attacker’s hands as you have no choice but to pay the high ransom amount. That is why it is essential to have a data backup. You can automate the process of taking backup of your data seems a tedious task.
Sivan Tehila, Director of solution architecture at Perimeter 81, suggests that you should segment your network because it can reduce ransomware damage. Since ransomware moves laterally throughout the network and encrypts more data, you can hamper its ability to move by splitting your network into multiple smaller networks.
With network segmenting, you can isolate network traffic and apply filters or limits or prevent access between different network segments. Apart from that, network segmentation gives you better access control, enhances your monitoring capabilities and boosts performance.
Phishing is still the most common method used by cybercriminals to launch ransomware attacks. The good thing is that you can easily prevent such attacks by increasing employee awareness about social engineering attacks. Your cybersecurity training program should go above and beyond social engineering attacks and cover other cybersecurity aspects such as email, passwords and multi-factor authentication.
Higher cybersecurity awareness of employees helps them protect themselves from such attacks but can also come in handy when it comes to detecting ransomware attacks. They can raise the red flag as soon as they detect malicious activity. By reporting the threat early, it gives your security team more time to mitigate the risk.
Adam Laub, Chief Marketing Officer at Stealthbits Technologies, suggests, “Eliminating the troves of administrative accounts that maintain standing privileged access rights across all systems and applications enterprise-wide.” While Andy Michael, founder of VPN testing, recommends that you should “Block all social media sites on company property.” Irrespective of which approach you choose to go with, one thing is for sure, you need to rethink your company policies in order to protect your organization from ransomware threats better.
Is ransomware defense really catching up with ransomware attacks? What do you think? Let us know in the comments section below.