Enterprise ransomware prevention measures to enact in 2021
After the agency refused to pay to end the attack, attackers leaked 4,000 files stolen from the Scottish Environment Protection Agency (SEPA). It was one of the latest ransomware attacks.
The SEPA attack isn’t an anomaly. It illustrates the growing damage that ransomware attacks can cause and the need for organizations to strengthen their security.
“Ransomware is rampant, and many resources are being used to hit companies. It’s something that you need to be prepared for,” stated Jesse Varsalone, associate professor of computer networks and cybersecurity at the University of Maryland Global Campus (UMGC).
Ransomware attacks against enterprises are growing in scale, sophistication, and effect. Victims may be unable to restore from backups or to consider themselves fully recovered.
Security teams are under increasing pressure to adjust their enterprise ransomware prevention strategies. They need to be more proactive and take more defensive steps to identify and stop bad actors before they strike.
Ransomware attacks continue to rise
Ransomware involves bad actors installing malware within an organization’s computer systems and then demanding payment — typically via bitcoin — to end the assault. After the ransom has been paid, hackers will provide codes to the victim organization to unlock or decrypt the affected files and systems.
“It is a form of extortion that should be recognized as such. It’s going to be the preferred way of monetizing cybercrime,” stated Michael Hamilton, founder of CI Security and former CISO for Seattle.
Many organizations have refused to pay, opting to try to restore their computers or systems according to their incident response plans. Others paid the ransom, only to be victimized again by hackers or ransom codes that didn’t work.
Gary Pennington, a partner at Alchemi Advisory Group LLC in Dallas, a cybersecurity consulting and business continuity advisory firm, stated that his company worked with a 500-employee company following an attack. The ransom was $900,000. However, the hackers then sent a second message to the company requesting another $800,000.
These incidents highlight the increasing complexity and high cost of ransomware attacks, and studies support these assessments. Skybox Security’s survey found that ransomware cases rose 72% between the first and second half of 2020. Other studies have estimated the global cost of ransomware at $20 billion for 2020, up from $11.5 million in 2019.
Ransomware expected to increase in 2021
Experts predict that ransomware attacks will increase in volume, scope, and cost in 2021:
- the types of ransomware attacks in use will change;
- bad actors will continue to exploit the pandemic and the weakened security that comes with vast work-from-home scenarios; and
- hackers are now more organized and entrepreneurial in their work.
“I see an increase in ransomware use and ransom payments. It’s a viable business model that people without conscience can use to make a lot of money from anywhere,” stated Matthew Rogers, CISO at managed cloud provider Syntax.
Many attacks start with successful phishing scams. An authorized user opens an email attachment, clicks on a link believing it to be legitimate, but instead releases malicious software. London-based Willis Towers Watson, a risk management, insurance brokerage, and advisory company, analyzed its cyber claims data and found that an organization’s employees directly caused 63% of all cyber incidents, including inadvertent ransomware infection.
Experts said that phishing emails are becoming more sophisticated and more like legitimate content. They also noted that hackers have been creating malicious code that evades detection, so they can hide in systems and study their targets. Pennington from Alchemi said that he had worked with one company after a ransomware attack and found that the hackers had been monitoring activity for months in order to time their attack for the database administrator’s vacation.
Hackers are also targeting their victims more selectively and tailoring attacks to their profiles, which increases the sophistication of these attacks. Hamilton from CI Security said that the “era of the shotgun blast,” in which hackers simply tried to find anyone stupid enough to click, is over.
Hackers themselves are evolving, with more criminal organizations and nation-states participating in attacks, sometimes even working together and offering ransomware to those who pay for it.
Hackers are also expanding the damage they plan to do. They are not only looking to encrypt organizations’ systems but also to steal sensitive or regulated data, which they threaten to release if the victim doesn’t pay the ransom. Hackers also use the victim’s systems to launch denial-of-service attacks, and use the initial victim’s systems to tunnel into more lucrative targets belonging to business partners or customers, then demand ransoms from all involved.
Cybersecurity company FireEye confirmed these observations in its report, “A Global Reset: Cyber Security Predictions 2021,” stating that “ransomware varieties [are] increasing along with the frequency of attacks. One troubling trend is that attackers are not only making adjustments to their ransomware TTP [tactics, techniques, and procedures] but also increasingly moving to ransomware as a service, which includes offering malware and the skills to deploy it on a one-time or ongoing basis.”
Expert tips for enterprise ransomware prevention
Experts recommend that organizations take the following steps to help prevent successful attacks:
- Strengthen user training and security awareness programs to help users avoid falling for phishing scams.
- Deploy email controls. Philip Chan, adjunct professor of cybersecurity at UMGC who works in the cybersecurity division of the U.S. Army Combat Capabilities Development Command Data & Analysis Center at Aberdeen Proving Ground, suggested using strong spam filters to block phishing email and the email authentication method DomainKeys Identified Mail (DKIM) to limit email spoofing. For better protection, he also recommended Domain-based Message Authentication, Reporting and Conformance (DMARC) and Sender Policy Framework (SPF).
- Establish business processes that limit, or even eliminate, email transactions. Alchemi’s Pennington stated that this makes emails with attachments and links stand out more, so they look more suspicious.
- Develop and test incident response plans that identify by name the legal advisors, cyber insurance policy contacts, and outside consultants who will play roles in recovery. Pennington stated, “Make sure you have all your contacts in place.”
- Follow established security best practices, such as implementing a strong patch management program; keeping all systems up to date; using antivirus and antimalware software; and using the principle of least privilege for access control.
- To further reduce vulnerabilities, implement newer technologies. Varsalone stated that many tried-and-true security methods still work, but a single error can leave you vulnerable, so a layered approach to security helps reduce that exposure. For example, change management tools track updates within corporate systems and create visibility into them, which in turn helps IT identify unauthorized changes that could indicate the presence of vulnerabilities or even malicious code. Behavioral analytics tools learn normal user behavior and flag anomalies that could indicate malicious actions. Experts also cite the use of modern endpoint detection and response (EDR) tools.
- Adopt multifactor authentication as part of a zero trust security strategy.
- Engage in more aggressive monitoring, threat detection, and even threat hunting, and consolidate such activities within a security operations center — whether in-house or outsourced — that has the resources to respond to suspected threats. Rogers from Syntax said that if you don’t act quickly and it takes three days to detect an attack, you will have a problem.
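The SPF, DKIM and DMARC controls recommended above work by requiring that a domain which actually passed authentication aligns with the From domain the user sees. The following is an added example, not code from the article or from any of the quoted experts, that applies that DMARC alignment check to constructed Authentication-Results headers; it assumes a simplified organizational-domain rule (last two labels) in place of the Public Suffix List.

```python
# Added example, not the article's code: a minimal DMARC alignment check showing how SPF,
# DKIM and DMARC together limit From-address spoofing. Assumption: organizational domain
# is approximated by the last two labels (real code uses the Public Suffix List).
def parse_dmarc(record):
    """Parse 'v=DMARC1; p=reject; adkim=s' into a dict of DMARC tags."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    tags.setdefault("adkim", "r")  # alignment modes default to r(elaxed)
    tags.setdefault("aspf", "r")
    return tags

def parse_auth_results(header):
    """Split an Authentication-Results header into (method, result, props) tuples."""
    results = []
    for clause in header.split(";")[1:]:  # clause 0 is the authserv-id
        tokens = clause.split()
        if tokens and "=" in tokens[0]:
            method, result = tokens[0].split("=", 1)
            props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
            results.append((method.lower(), result.lower(), props))
    return results

def aligned(from_domain, auth_domain, mode):
    """Strict mode needs an exact match; relaxed accepts the same organizational domain."""
    org = lambda d: ".".join(d.lower().split(".")[-2:])
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org(from_domain) == org(auth_domain)

def dmarc_disposition(from_domain, auth_results, dmarc_record):
    """Return 'pass' on an aligned SPF or DKIM pass, else the sender's p= policy action."""
    tags = parse_dmarc(dmarc_record)
    source = {"spf": ("smtp.mailfrom", "aspf"), "dkim": ("header.d", "adkim")}
    for method, result, props in parse_auth_results(auth_results):
        if result != "pass" or method not in source:
            continue
        prop, mode_tag = source[method]
        domain = props.get(prop, "").split("@")[-1]  # strip any local part
        if domain and aligned(from_domain, domain, tags[mode_tag]):
            return "pass"
    return tags.get("p", "none")  # no aligned pass: apply the sender's policy

# Constructed sample headers: a spoof whose SPF passes only for the attacker's own domain,
# and a legitimate message signed by a subdomain of the From domain.
SPOOFED = "mx.example.com; spf=pass smtp.mailfrom=bulk-sender.net; dkim=fail header.d=example.com"
LEGIT = "mx.example.com; spf=pass smtp.mailfrom=bounce@mail.example.com; dkim=pass header.d=mail.example.com"
```

With `p=none` the spoof is merely reported, which is why a published policy of `quarantine` or `reject` is what actually stops the lookalike mail.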
Prevention is the best protection against ransomware attacks. Chan also stated that it is important to take precautions: “Infections can cause serious damage to an organization and may require a complex restoration.”