Ransomware: How to Protect Yourself Before It is Too Late
Over the past few years, we have seen a large uptick in ransomware and the havoc it can cause organizations. A recent IDC report shows that 79% of those surveyed activated a disaster response, 83% experienced data corruption from an attack, and nearly 60% experienced unrecoverable data.¹ In response to these growing attacks, businesses that rely on ‘always on’ availability and on avoiding downtime are focusing on how best to align their cyber security practices with protection against ransomware. To best protect your organization, you must understand what ransomware is, how it is evolving, and what the anatomy of a ransomware attack looks like.
What is Ransomware? – An Overview
According to the Center for Internet Security, ransomware is a type of malware that blocks access to a system, device, or file until a ransom is paid by the attack victim. Ransomware encrypts files on the infected system, threatens to erase files, or blocks system access for the victim. The ransom amount and contact information for the bad actor are typically included in a ransom note that appears on the victim’s screen after their files are locked or encrypted. Sometimes the bad actor only includes contact information in the note and will attempt to negotiate the ransom amount once they are contacted.
What are the common events that trigger and lead to a ransomware attack?
Some of the most common ways ransomware infections occur are through:
- Malicious emails with compromised links or attachments
- Poorly secured network ports and services, such as Remote Desktop Protocol (RDP), that can lead to a network compromise (e.g., the Phobos ransomware variant)
- A compromise by another malware that leads to an infection of ransomware.
Additionally, there has been an uptick in bad actors targeting managed service providers (MSPs) to push ransomware out to the multiple entities under their management. These events happen when an MSP is compromised and the bad actors use its infrastructure to distribute the ransomware to the MSP’s clients. Not only does this compromise of the MSP broaden the bad actor’s attack vector, but it also exploits the trust between the customer and their MSP.
What are the most common types of ransomware?
There are many different variants of ransomware in circulation today, and some are better known than others. You may have heard of some of the better-known dangerous variants in the news or other media outlets, such as:
- Lockbit 2.0²
But not all ransomware operates the same way, although the end goal of the bad actor is the same – getting paid the ransom. There are core differences in how the malware operates. Some of the most common ransomware types include:
- Crypto Ransomware is malware that encrypts files or specific programs to block access to certain software until a ransom is paid.
- Wiper Ransomware is malware that threatens to erase data unless a ransom is paid within a specific time.
- Locker Ransomware infects PCs and locks access to the user’s files and data located on the PC until a ransom is paid.
How do you best mitigate threats and best protect against ransomware?
When you consider ransomware protection and recovery, it is not as simple as being able to recover your data. While that is a big component, protection also involves implementing the proper set of security controls and adopting good cyber practices to mitigate the risk of a compromise. So, what are some practical things your organization can do to better prepare to face this growing threat of ransomware?
- Implement a strong disaster recovery plan
- Consistently back up critical data
- Adopt and invest in a security awareness training program
- Install endpoint security on PCs and servers
- Enable multi-factor authentication
- Implement information privacy practices (e.g., clear desk policy)
- Adopt good patching practices for applications and operating systems
While implementing the above practices is a good starting point, there is always more that can be done to protect your organization. There are various public and open-source resources available, such as those from the National Institute of Standards and Technology (NIST) and the Center for Internet Security (CIS). Both entities provide solid cyber security frameworks that organizations can align with to stay up to date with best practices and ever-changing cyber security needs.
Are you ransomware-ready? For more best practices and a checklist to follow, check out the Ransomware Readiness 101 Guide.
1. IDC White Paper, sponsored by Zerto, “The State of Ransomware and Disaster Preparedness: 2022”, May 2022
2. Federal Bureau of Investigation (FBI), “FBI Flash Report on Ransomware in 2022 (PDF)”, February 4th, 2022