Prevention is Better Than Cure: The Ransomware Evolution
In recent months, ransomware attacks have not left the mainstream media headlines. Research by IBM found that ransomware incidents ‘exploded’ in June 2020, seeing twice as many ransomware attacks as the month prior, as remote workers, away from the help of IT teams, were taken advantage of.
With the number and frequency of ransomware attacks increasing, not to mention the innovation in distribution methods, this should be a wake up call for organisations to strengthen their defences. By taking a preventative approach, businesses can take the necessary steps to strengthen their cybersecurity posture. This includes a combination of education, processes, hardware and software to detect, combat and recover from such attacks if they were to arise.
Ransomware in the 21st Century
Ransomware is not a new phenomenon, but its use has grown hugely and led to the development of the term ‘Ransomware as a Service’ (RaaS), which is a subscription-based model that enables affiliates to use already-developed ransomware tools to execute attacks.
As ransomware incidents become more sophisticated, such as fileless attacks which exploit tools and features already available in the victim’s environment, the level of potential damage to a business is heightened. These types of attacks can be used in combination with social engineering targeting, such as phishing emails, without having to rely on file-based payloads. And unfortunately, ransomware is extremely difficult to prevent – all it takes is one employee clicking on the wrong link in an email or downloading a malicious attachment.
No matter the size of an organisation, the effects of ransomware can be devastating financially as well as inflict longer-term damage to business reputation. In the US, Colonial Pipeline paid the cyber-criminal group DarkSide nearly $5m (£3.6m) in ransom, following a cyber-attack which took its service down for five days. Some of the money was later recovered by the American Department Of Justice’s Ransomware and Digital Extortion Task Force. But if they pay once – they will pay multiple times. A successful ransomware attack can be used various times against many organisations, turning an attack into a cash cow for criminal organisations offering Ransomware as a Service. So much so, there is now an ongoing debate around whether it should be illegal for businesses or an individual to pay a ransom in order to try and deter the attackers, or at the minimum, to at least report it to the necessary regulators.
Contain and Report It
If a ransomware attack were to take place, it is important that the organisation works with local authorities to try to rectify the issue and follow the guidance. Often, many ransomware attacks go unreported – and this is where a lot of criminal power lies.
Prevention is always better than cure, and damage limitation and containment are important right from the outset. Most organisations should have a detailed disaster recovery plan in place. If they don’t, they should rectify this immediately. The key to every disaster recovery plan is backups. Once the breach has been contained, businesses can get back up and running quickly and relatively easily, allowing for maximum business continuity.
As soon as the main threat has passed, it is recommended that all organisations conduct a full retrospective audit, ideally without blame or scapegoats, and share their findings and steps taken with the world. Full disclosure is helpful – not only for customer, client or patient reassurances, but also for other organisations to understand how they can prevent an attack of this type being successful again.
The Support of Digital Tools
When it comes to ransomware, the importance of getting security foundations right must be emphasised. These attacks are not likely to stop or slow any time soon, but their success can be prevented with the right security armoury.
Particularly to mitigate the threat of ransomware, it is crucial to have secure endpoint protection in place which protects at the file, application, and network layer across a number of devices, and respond to security alerts in real-time. This has never been more important than during the ongoing pandemic, where employees are dispersed and working from home, in order to ensure all devices are protected and comply to the same standards.
Additionally, solutions such as email attachment and URL sandboxing are also vital, as these digital tools provide vital protection against malicious emails. They can help prevent dangerous links, attachments, or forms of malware from entering the users inbox by examining and quarantining them. By filtering out this traffic and automatically restricting dangerous content, businesses can maintain greater control over email and the access points to the network.
The Human Layer
The users themselves are a key part of any security strategy. Those who are educated about the types of threats they could be vulnerable to, how to spot them, and the steps to take in the event of a suspected breach, are a valuable and critical asset to any organisation.
Employees need to be trained to be vigilant, cautious, and assume their role as the last line of defence when all else fails. The final decision to click send on an email or a link lies with the human, but this one click could mean the entire organisation falls prey to a ransomware attack. The key is to change the mindset from full reliance on IT, to one where everyone is responsible. To strengthen a business’ human layer protection, security awareness training and education must be implemented across the board.
There are some programmes designed to support users in understanding the role they play in helping to combat attacks and malware. Using phishing simulations, for example, as part of the wider security strategy, will help to give employees insight into real life situations they may face at any point.
Conclusion
Cyber security is a multi-faceted, complicated area, and one which must receive investment in each layer, from the technology and the people, to the tools we give to the users. Nevertheless, businesses of all sizes can safeguard their data and themselves from these types of ransomware attacks by investing in their cybersecurity and ensuring their workforces are conscious and informed of the threats they face.
Both detection and prevention play a key role in stopping ransomware, but it shouldn’t be one or the other. The essence of a solid cybersecurity strategy is a layered defence that includes endpoint detection and response, email security, advanced threat protection, web security, and a business-grade firewall for the security of your network – at its most basic. But even with the most sophisticated software in place, hackers make it their mission to stay one step ahead of IT defences. That is why regular training, in addition to complementary security tools which reinforce security best practice, can provide a fortified strategy for users to mitigate the threat of a cyberattack.
Jack Garnsey
Product Manager and Security Awareness Training, VIPRE