Enterprise ransomware prevention measures to enact in 2021
After the Scottish Environment Protection Agency (SEPA) refused to pay, attackers leaked 4,000 of its files. This was one of the latest ransomware attacks.
The SEPA attack doesn’t seem to be an exception. This illustrates the growing damage that ransomware attacks can cause and the need for organizations to increase their security.
“Ransomware is rampant and companies are being targeted with a lot of resources. It’s something that you need to be prepared for,” stated Jesse Varsalone, associate professor of computer networks and cybersecurity at University of Maryland Global Campus (UMGC).
Ransomware attacks against enterprises are growing in scale, sophistication, and effect. Victims may not be able to restore from backups or consider themselves fully recovered.
Security teams are under increasing pressure to adjust their enterprise ransomware prevention strategies. They need to be more proactive and take more defensive steps to identify and stop bad actors before they strike.
Ransomware attacks continue to rise
Ransomware is an attack in which bad actors install malware on an organization’s computers and demand payment via Bitcoin to stop the attack. After the ransom has been paid, hackers will provide codes to the victim organization to unlock or decrypt the affected files and systems.
“It is a form of extortion that should be called such. It’s going to be the preferred way of monetizing cybercrime,” stated Michael Hamilton, founder of CI Security and former CISO for Seattle.
Many companies have refused to pay and instead tried to restore their systems or computers according to their incident response plans. Others paid the ransom, only to be victimized again by hackers or ransom codes that didn’t work.
Gary Pennington, a partner at Alchemi Advisory Group LLC in Dallas, a cybersecurity consulting and business continuity advisory firm, stated that his company worked with a 500-employee company following an attack. The ransom was $900,000. However, the hackers sent a second message to the company requesting $800,000.
These incidents highlight the increasing complexity and high cost of ransomware attacks. These assessments are supported by studies.
Ransomware expected to increase in 2021
Experts predict that ransomware attacks will increase in volume, scope, and cost in 2021.
- The types of ransomware attacks that will be used in the future will change.
- Bad actors will continue to exploit the pandemic and the weak security that comes with large work-from-home scenarios.
- Hackers are now more organized and entrepreneurial in their work.
“I see an increase in ransomware use and ransom payments. It’s a viable business model that people without conscience can use to make a lot of money from anywhere,” stated Matthew Rogers, CISO at managed cloud provider Syntax.
Many attacks still begin with a successful phishing scam in which an authorized user opens an email attachment or clicks a link believing it to be legitimate, but instead unleashes malicious code. Willis Towers Watson, an advisory, risk management, and insurance brokerage company based in London, found that 63% of all cyber incidents were directly caused by employees.
Experts said that phishing emails are becoming more sophisticated and look more like legitimate content. They also noted that hackers have been creating malicious code that evades detection, so they can hide in systems to study targets. Pennington from Alchemi said that he had worked with one company after a ransomware attack. He found out that hackers had been monitoring activity for months to time their attack to coincide with the database administrator's vacation.
Hackers are also targeting their victims more often and creating attacks based on their profiles. This increases the sophistication of these attacks. Hamilton from CI Security said that the “era of the shotgun blast,” in which hackers tried to find anyone stupid enough to click, is over.
Hackers are evolving, with more criminal entities and nation-states engaging in attacks, sometimes even working together, and offering ransomware to anyone willing to pay.
Hackers are also expanding the damage they plan to do. They are not only looking to encrypt the systems of organizations but also to steal sensitive or regulated data, which they threaten to release if the victims don’t pay the ransom. Hackers can use victims’ systems for denial-of-service attacks. They also use victims’ systems as a tunnel to more lucrative targets, such as customers or business partners.
These observations were confirmed by FireEye, a cybersecurity company. Its report “A global reset: Cyber security predictions 2021” stated that “ransomware types [are] increasing alongside with frequency of attacks.” An alarming trend is that attackers are making changes to their ransomware tactics, techniques, and procedures. They also increasingly offer ransomware as a service, which includes the malware and the skills required to deploy it, on an ongoing or one-time basis.
Expert tips for enterprise ransomware prevention
Experts recommend that organizations take the following steps to help prevent successful attacks:
- To help users avoid falling for phishing schemes, strengthen user education and security awareness programs.
- Deploy email controls. Philip Chan, an adjunct professor of cybersecurity at UMGC, recommended the use of spam filters to prevent phishing emails and DomainKeys Identified Mail (DKIM), an email authentication method, to limit email spoofing. For better protection, he also recommended using Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting and Conformance (DMARC).
- Establish business processes to limit, or even eliminate, email transactions. Alchemi’s Pennington stated that this makes emails with attachments and links stand out more, making them more suspicious.
- Test and develop incident response plans to identify the cyber insurance policy contacts, outside consultants, and legal advisors who will be involved in recovery. Pennington stated, “Have all your contacts lined up in advance.”
- Use established security best practices, such as implementing strong passwords and a patch management program. This includes keeping your systems up to date, using antimalware and antivirus software, and applying the principle of least privilege to access control.
- Implement newer technologies to further reduce vulnerabilities. Varsalone stated that many tried-and-true security methods can be used. However, a single error can make you vulnerable. He suggested that a layered approach to security could help reduce vulnerabilities. Change management tools, for example, track corporate updates and provide visibility into the organizational systems. This can allow IT to identify unauthorized changes that may indicate vulnerabilities or malicious code. Behavioral analytics is a security tool that can recognize normal user behavior and identify anomalies that could be indicative of malicious actions. Experts also recommend modern endpoint detection and response.
- As part of layered defense, adopt multifactor authentication, zero trust, and security frameworks.
- Get more aggressive in monitoring, threat detection, and even threat hunting. Consolidate these activities in a security operations center, whether outsourced or in-house, that has the resources to respond and handle suspected threats. Rogers from Syntax said that if you don’t act quickly and then wait three days to detect it, you will have a problem.