Ransomware is a rapidly evolving threat. Researchers predict that a new organization will fall victim to a ransomware attack every 11 seconds by 2021, and new methods and tactics are being developed all the time! This makes defending your organization’s data against ransomware more critical than ever before. As ransomware attacks continue to cause greater economic impacts, the patterns of attacks are changing to “quality over quantity.”
Several factors have contributed to the rapid growth and evolution of ransomware, including digital transformation initiatives (which greatly increase the number of potential entry points and the ability for attacks to propagate), the rise of Bitcoin (enabling easy and virtually untraceable payments to cyber criminals), and the emergence of Ransomware-as-a-Service (RaaS), which makes it easy for practically anyone to use ransomware. In this article, we’re sharing some key ransomware defence takeaways.
Paying a Ransom Doesn’t Solve Your Security Problems
For most victims of ransomware, it might seem like the quickest and easiest way to deal with the problem is simply to pay the ransom. However, paying a ransom for your files does not guarantee that you will get your files back.
Experts agree that you should not pay. Paying flags you as an easy target for cybercriminals, who have the means to target you again down the road. If you give in once, be prepared to be targeted more frequently by extortionists. However, you need to evaluate the risk if you do not intend to comply with cyber extortionists, especially if you are a hospital, police department, or other critical institution. In these cases, many have decided to pay because the risk of not complying with the extortionist outweighed the cost.
Although you may get access to your files, paying a ransom doesn’t necessarily solve your problems. In most cases, your files may be decrypted if you pay the ransom, but there’s no guarantee. Although it’s in the cybercriminals’ best interests to restore your files if you pay the ransom (if a ransomware campaign gains a reputation for not decrypting files when the ransom is paid, then there is no reason for future victims to pay the ransom), there’s no honour among thieves. This is particularly true with the emergence of RaaS because a “newbie” cybercriminal may not see the bigger picture. Also, if the encryption key doesn’t work for some reason, you can’t just call customer service!
There’s also no guarantee that the perpetrator didn’t install other malware or exploit kits to facilitate future cyberattacks against your organization. A copy of your files may also have been exfiltrated for other purposes, such as selling your organization’s sensitive information on the dark web.
Paying a ransom directly funds and perpetuates future cybercrime. It’s the same thing as paying a ransom to terrorists or rogue nation-states in exchange for hostages. It emboldens, encourages, and finances similar acts in the future. Finally, paying a ransom doesn’t negate the fact that a serious security breach has occurred in your organization. Depending on the nature, scope, and circumstances of the breach, and the industry regulations and legal jurisdictions that your organization is subject to, you may be required to publicly disclose the breach and pay severe fines and penalties — kind of a slap in the face after already paying a ransom!
Build a Layered Security Architecture Based on Open Standards
Open and extensible standards enable a new best-of-breed architecture that allows new and existing security technologies to be easily integrated into a comprehensive security solution.
Deploy Integrated, Best-of-Breed Solutions
Defence in depth is a long-established security industry best practice. Unfortunately, until now, defence in depth has required organizations to deploy standalone (or point) security products that don’t integrate easily with other security solutions in the environment.
With the new best-of-breed architecture, organizations can deploy integrated portfolio-based solutions that reduce complexity in their security environment and improve their overall security posture.
Embed Security throughout Your Network Environment
Security must be inherent and pervasive throughout the organization’s entire computing environment, including across the network, throughout the data center, on endpoints and mobile devices, and in the cloud.
Reduce Complexity in Your Security Environment
Security technologies should be simple to deploy and use. Complexity introduces risk due to the possibility of misconfigurations and errors, and can potentially bury important indicators of compromise (IoCs) and other data points in cumbersome and verbose logs. To pull together an integrated security plan and eliminate unnecessary complexity, don’t hesitate to lean on third-party security services and leverage their breadth of experience to complement your own in-depth knowledge and understanding of your organization’s environment and threat posture.
Leverage Cloud-Based, Real-Time Threat Intelligence
Ransomware and other cybersecurity threats are evolving rapidly. Zero-day attacks represent the greatest threat to most organizations. Cloud-based, real-time threat intelligence enables IT teams to deploy the most up-to-date countermeasures as quickly as possible when new threats emerge, and leverage security expertise that extends well beyond their organization.
Automate Security Actions to Reduce Response Time
Wherever possible, security actions should be automated to keep pace with threats that can spread throughout an entire enterprise network within minutes or seconds.
Here are some examples of security actions that can be automated:
- Distribution and installation of antimalware and intrusion prevention system (IPS) signature files
- Centralized collection, correlation, and analysis of security logs and threat data
- Threat protection that blocks requests to malicious destinations before a connection is even established and stops threats over any port before they reach your network and endpoints
- Dynamic access control lists (ACLs), domain and website whitelisting/blacklisting, and firewall rule creation
Since ransomware has become so multi-faceted, so too must our protections. No single technology or best practice alone can prevent it. We must think of ransomware defence as an ongoing, layered process. The best technologies are up to date to catch the latest threats and are well-integrated so that one solution can pick up where the other leaves off.
Ransomware Defence Checklist
Protect your business’s IT infrastructure by taking proactive measures to defend against ransomware, starting with our free Ransomware Defence Checklist. Download your free copy of the AlphaKOR Ransomware Defence Checklist to get started with some easy ransomware defence tactics.
When in doubt, talk to the experts! To talk to an AlphaKOR IT expert today, send us a quick message through the chat bubble on the bottom right-hand side of our website, or call 1 (833) 944 6009.