Remember the early days of ransomware attacks? The approach seems almost comical today. Send an email to as many people as possible about needing help transferring millions of dollars to an American bank from a far-off land. Tell users that they’ll get a nice cut of the loot if they click a malicious link.
Today’s ransomware attacks are far more sophisticated, targeted and insidious. Businesses are the primary target, with organizations facing a ransomware attack every 11 to 14 seconds. About two-thirds of ransomware infections come from phishing emails, many of which are professionally designed and difficult for even a trained eye to spot at first glance.
Instead of simply blocking access to data, nearly four in five ransomware attacks in the first half of 2021 involved the threat of exfiltrating data and publishing sensitive information to an extortionist’s website. Criminals are doing more to increase their leverage and force the victim’s hand.
This is the state of ransomware today. The general concept is still the same. Trick users into clicking malicious links or opening infected attachments to activate ransomware. Threaten to permanently delete or expose the victim’s data if a ransom isn’t paid within a certain timeframe. The methods and goals of today’s ransomware attacks, however, have made them more dangerous.
Let’s discuss what can be done to stop them.
- Continuous Monitoring. Because ransomware attacks occur every few seconds, you need tools that monitor your systems around the clock to detect and automatically mitigate threats.
- Timely Systems Updates. Hackers know when there are vulnerabilities to exploit. Automate updates to systems, applications and software whenever possible, and have a process in place to ensure all other updates are installed as quickly as possible.
- Network Segmentation. Keep sensitive data separate from the rest of the network and control access to these segments based on user role and trust status. This will prevent attackers from moving laterally through the network.
- Layered Email Security. Email filtering, email gateways, and automated testing and blocking of executable files create multiple hurdles for phishing emails to leap before reaching the user’s inbox.
- Endpoint Protection. Update endpoint configurations instead of relying on default settings. Use modern endpoint discovery and response solutions that can detect and mitigate threats in real time.
- Immutable Backups. Hackers aren’t just going after the data that is being actively used. They’re targeting backups. Make sure data is backed up frequently and use immutable backup systems that cannot be compromised, encrypted or altered.
- Multifactor Authentication. Ransomware attacks often target user credentials. If a username and password are compromised, multifactor authentication will force the criminal to provide a dynamically generated code, fingerprint or other information to access an account.
- Threat Intelligence Sharing. Information on the latest threats must be shared quickly to ensure that security tools can detect and stop them. Look for security products that are part of a robust threat intelligence-sharing network.
- Security Training. Ransomware is spread by phishing, which works by successfully manipulating and deceiving humans. Train your team on how to spot an attack, how to report it, and what to do if a malicious link or attachment is opened.
This list may seem overwhelming, which is why it helps to work with an outside partner who knows how to prevent ransomware attacks. Verteks can help you put these security controls in place, monitor your systems, train your team, and respond quickly to security threats and incidents. Contact us today and take a proactive approach to protecting your organization from ransomware.
