A cold reality in today’s enterprise is that ransomware is looming and threatening organizations constantly – like a lion behind the tall grass waiting patiently for its prey. It has unequivocally become the biggest threat to an enterprise alongside malware and phishing, even more so than a natural disaster, a hardware failure, or a zero-day attack.
In 2019, ransomware payments were made in the tens of millions. In 2020, the amounts demanded have doubled. By targeting understaffed and overburdened organizations, hackers have made a lucrative business out of committing nefarious acts.
It’s time for organizations to band together to stop this lucrative illegal trend. They can start by paying attention to behaviors reported by various cybersecurity providers. These behaviors provide insight into how the hackers operate and how they target their victims.
Hackers don’t just fish for likely targets – they research their prospects and spring when the opportunity suits them. They can spend several months spying on a network completely undetected, sometimes more than a year, as was the case in 2016 with a Hollywood studio. Once hackers succeed with their initial intrusion, they find ways to move laterally within the network, remaining masked and undetected while disabling, encrypting, extracting, or destroying data and systems.
Armed with behavioral insights, network operators or security officers can implement the security features necessary to prevent bad actors from executing malicious scripts and from elevating their privileges to target security software or OS features.
For every ransomware attack we see in the news, there are hundreds of others that do not get reported. Many organizations fear that reporting attacks will shake the public’s confidence in their brand. Regardless of whether or not they choose to report the activity, organizations facing ransomware demands should not consider paying to regain control over their data.
When ransom is paid, it emboldens cybercriminals and perpetuates the vicious cycle that fuels their malicious activity. The most important reason why thieves can steal data and hold it for ransom is that organizations are not maintaining their security policies and backup strategy.
CyberEdge Group reports that in 2020, of those companies that paid ransom, only 66.9% recovered their data. Of those that did not pay, 84.5% recovered their data. The odds are in favor of not paying. Organizations need to be proactive to combat the onslaught of these attacks and create a solid data protection plan that includes:
- Buy-in / support from management
- Implementing anti-virus software to close the front door entrance to the network
- Leveraging encryption technology in all stages of the data: at rest, in transit and active
- Training/security awareness among employees
- Local disk backup with object lock for fast onsite recoverability
- Leveraging cost-effective solutions that can truly airgap data indefinitely for long-term protection (like onsite tape backup/long-term)
- Replicating data offsite to a cloud provider for disaster recovery or object storage
- Cyber insurance should only be used as a last resort
The data protection plan should also include processes and policies that specify how to address potential security vulnerabilities before allowing users to work remotely. Trying to create them on the fly (in crisis mode) will lead to increased risk and exposure. It is imperative to understand the consequences of not having a solid strategy to protect data and your network.
Additionally, organizations must invest in training personnel, making preparations for an attack in their business continuity plans, and conducting testing, testing, and more testing. IT professionals should not negotiate with criminals and should implement a swift, proactive approach to ransomware and malware protection.
They must also understand that mitigating risk takes more than one technology and that ransomware protection must come in layers. No single solution can achieve the protection needed against the assault organizations are experiencing. Behavioral changes are a must to bring this dark market to a halt.
It’s imperative that organizations prepare their data protection plans now. Criminals are persistent and are willing to spend hours to find a way to hijack and hold organizations hostage. The first step is always the hardest, but by working together the IT community can bring this criminal activity to its knees and end the vicious cycle of paying ransoms that provide the criminals' revenue stream.