Ransomware continues to evolve, and as we’ve seen in the past year, it shows no signs of slowing down. From attacks on healthcare organizations to medical trials, to schools and shipping agencies, ransomware is sparing almost no industry.
Security professionals need to protect themselves from attack fatigue, as well as a sense of helplessness. And, despite increased awareness of the need for improved cybersecurity, ransomware continues to plague many organizations. But there are ways to take the upper hand and succeed against this significant risk.
The ransomware crisis
Ransomware has the potential for significant consequences. Beyond the obvious financial losses and the lack of productivity that can result from systems going down, there can also be far more dire impacts, as we have seen this year in healthcare and vaccine research.
What we’re seeing more often is that valuable intellectual property and sensitive information aren’t just being encrypted and held for ransom. Encrypted versions of that data are also being posted online, with the threat that if a ransom is not paid, all of the data will be released for public access. Organizations are now popping up on the darknet with a business model of negotiating ransoms, which might sound like an easy fix but can have long-term negative consequences, namely, normalizing criminal behavior.
And as IT and OT continue to converge, ransomware is converging right along with them. That means that holding the OT edge for ransom could become a new reality. When field devices and sensors at the OT edge – including power grids, transportation management infrastructures, medical systems and other critical resources – suffer ransomware attacks, the threat becomes exponentially larger and the ramifications grow. Even more data, devices and, potentially, lives will be at risk.
Difficult choice
Some companies choose to pay the ransom. It can seem easier than the IT team spending days trying to recover data while the business lies idle. Nowadays, though, paying is definitely not guaranteed to resolve the problem.
In fact, the U.S. Treasury even recently warned that companies that help facilitate the payment of ransoms on behalf of cyber victims could face legal consequences because it sets a precedent for other bad actors – sending the message that they’ll get what they want. And even when you do pay the ransom, that doesn’t mean the troubles are over; sometimes information has already been exposed and can still cause long-term problems, as mentioned earlier.
A strong defense
The goal should always be prevention first, and cyber hygiene is key to this. Why are people targeted for ransomware? Because the attackers know the entity has high-value assets. So then, cyber hygiene has to be a board-level conversation. The amount you’ll pay for a data breach can be more than it would have cost to create the right cybersecurity posture in the first place.
Organizations need a strong ransomware strategy. It must include the ability to strip out malicious content in an email using content disarm and reconstruction tools. To limit the resources that can be impacted, networks need to be segmented as part of a zero-trust network access (ZTNA) strategy. Full data backups need to be stored offline and off network to ensure rapid recovery. And data inside the network needs to be encrypted so that it cannot be used or exposed by cybercriminals. This needs to be paired with a full response strategy that is practiced regularly to eliminate downtime.
Working with law enforcement
Cyber defense is only as good as the threat intelligence, technology and people/processes informing it. And that process starts by building and maintaining good relationships across customers, partners and vendors.
Yet another key part of the equation is the cybersecurity industry openly partnering with law enforcement and global or regional organizations like US-CERT to help turn the tide of cybercrime. It is important to encourage and share intelligence with law enforcement and other global security organizations for the desired goal of effectively taking down cybercrime organizations. Defeating the ransomware attack is one piece; working with law enforcement is another. This cooperation is foundational to making it harder and more resource-intensive for cybercriminals to operate. It’s also the best way to end the cycle. Private-public partnership programs can be used successfully not only to share threats and data, but also to help victims recover their encrypted data.
In addition, when private companies share information with law enforcement and important government agencies, it expands visibility and provides greater insight. Rather than working with a smaller view of the cybersecurity landscape, these two groups combine their knowledge to get a fuller picture. Cybercrime has no borders, so actionable threat intelligence with global visibility helps both groups move from being reactive to proactive.
Defensive playbooks
Similarly, the more organizations begin to leverage and share playbooks, which are detailed views of the “fingerprints” of cybercriminals, the stronger and more strategic defenders can become. Headway is already being made with regard to playbooks. Going forward, blue team (defensive) playbooks can help form a winning strategy against present and future cyberattacks. Also, by pairing AI with these playbooks, security teams can build an advanced, proactive protection framework that can not only respond in real time to discovered threats, but also continue to evolve over time to provide more refined and granular responses even earlier in the attack cycle.
Victory is possible
Ransomware continues to dominate headlines and cause chaos, but organizations can protect themselves from it. When not just data but even lives are at stake, organizations have to up their cybersecurity game. Cyber hygiene, a zero-trust policy, network segmentation and encryption are some of the tactics that will help protect against ransomware. In addition, asset visibility and identifying the most critical assets in your organization are vital so that you can map out a proactive data protection strategy ahead of time. The cybersecurity industry must also work with law enforcement to share information and threat intelligence, which will ultimately benefit both the public and private sectors. The fight is real, it’s serious, and it’s everyone’s responsibility.