8 Best Practices for Preventing Ransomware

Ransomware is among the most damaging cybersecurity threats of all time, costing the U.S. economy hundreds of billions of dollars annually — and there’s no relief in sight. Analysts predict that these digital extortion schemes will represent more than half of all global cyberattacks in 2024.

Worse yet, the attacks are becoming increasingly complex and sophisticated. A notable trend is the rise of double- and triple-extortion techniques in which attackers not only encrypt the victim’s data but also threaten to release sensitive information. Some also threaten to launch distributed denial-of-service (DDoS) attacks unless additional ransom demands are met.

In addition, Ransomware-as-a-Service (RaaS) platforms allow hackers with very little technical proficiency to rent or purchase malicious software and support services on the dark web. This commodification of ransomware opens up the cyber extortion game to a much wider range of players, amplifying the overall threat landscape.

All organizations need a coordinated plan for addressing the elevated risk. Following are some industry best practices for preventing and mitigating ransomware incidents:

  1. Safeguard Backups. Maintain offline, encrypted backups of critical data, and regularly test the availability and integrity of backups. An offline backup is essential protection against attacks that attempt to delete or encrypt backup data to force victims to pay a ransom.
  2. Segment the Network. Segmentation divides the network into smaller, isolated parts with unique security controls that establish least-privilege access for each segment. It won’t stop an attack, but it restricts ransomware from spreading throughout the network.
  3. Secure Email. Email filters and secure gateways help block phishing emails, the most common ransomware delivery vehicle. They analyze emails against databases of blacklisted URLs, flagged keywords and other characteristics, and then block or quarantine suspicious messages before they are delivered to the intended recipient.
  4. Implement Zero-Trust. In a zero-trust environment, every user and device must be continuously authenticated and authorized before accessing resources, whether the request originates inside or outside the network perimeter. This approach shrinks the attack surface available to ransomware by verifying the legitimacy of every user and device attempting to connect.
  5. Limit Remote Desktop Services. These services create a pathway for users to access corporate systems from remote locations, but they also introduce additional entry points that threat actors can exploit. If not properly secured, exposed RDS implementations can become targets for brute force attacks, credential theft or other methods commonly used by ransomware operators.
  6. Create an Incident Response Plan. An IRP documents a structured and coordinated approach for responding to security incidents. With a well-defined plan in place, organizations can quickly isolate infected systems, investigate the extent of the compromise and implement remediation measures. This includes restoring systems from backups, applying security patches, and deploying countermeasures to prevent the spread of ransomware.
  7. Maintain Golden Images. Golden images are preconfigured templates that can be used to deploy new systems quickly and efficiently. In the event of a ransomware attack, organizations can isolate affected systems and roll back to a clean state using the golden image.
  8. Use Infrastructure as Code. Organizations can use IaC scripts to define and deploy infrastructure configurations programmatically. In the event of a ransomware incident, IaC allows for rapid and reliable recovery by re-creating the entire infrastructure from the code, minimizing downtime and reducing the risk of reinfection.
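As an added example (not from the original post), a small Python script showing how the "regularly test the integrity of backups" step in item 1 can be automated: it records a SHA-256 hash of every file in a backup set, authenticates the manifest with an HMAC so the manifest itself cannot be silently rewritten, and on a later check reports files that are missing, altered or unexpected, which is exactly the signature of a backup that has been encrypted in place. The key, file names and contents are constructed for the demo.

```python
import hashlib
import hmac
import json
import os
import tempfile

MANIFEST_KEY = b"constructed-demo-key-do-not-reuse"  # constructed; in practice kept with the offline backup owner

def sign(files):
    """HMAC over the canonical file listing so the manifest itself cannot be quietly edited."""
    body = json.dumps(files, sort_keys=True).encode()
    return hmac.new(MANIFEST_KEY, body, "sha256").hexdigest()

def build_manifest(root):
    """Hash every file under root, keyed by path relative to root."""
    files = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as f:
                files[os.path.relpath(full, root)] = hashlib.sha256(f.read()).hexdigest()
    return {"files": files, "mac": sign(files)}

def verify_backup(root, manifest):
    """Report files missing, changed or unexpected relative to the manifest."""
    if not hmac.compare_digest(sign(manifest["files"]), manifest["mac"]):
        return {"manifest_tampered": True}
    known, current = manifest["files"], build_manifest(root)["files"]
    return {
        "manifest_tampered": False,
        "missing": sorted(set(known) - set(current)),
        "changed": sorted(p for p in known if p in current and current[p] != known[p]),
        "unexpected": sorted(set(current) - set(known)),
    }

def write(root, rel, data):
    os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
    with open(os.path.join(root, rel), "wb") as f:
        f.write(data)

def demo():
    """Constructed scenario: a clean backup, then one file overwritten in place and a ransom note dropped."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "db/orders.sql", b"INSERT INTO orders VALUES (1, 'ok');\n")
        write(root, "notes.txt", b"quarterly report\n")
        manifest = build_manifest(root)
        clean = verify_backup(root, manifest)
        write(root, "notes.txt", os.urandom(32))     # simulated encryption in place
        write(root, "README_DECRYPT.txt", b"pay\n")  # simulated ransom note
        return {"clean": clean, "after": verify_backup(root, manifest)}
```

Run the check from a host that is not the backup source, and store the manifest (and key) alongside the offline copy so an attacker who reaches the source cannot regenerate a matching manifest after tampering.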

While these measures can significantly improve an organization’s ransomware defenses, the need for continuous monitoring and management can strain internal IT teams. The security pros at Verteks can help. With continuous threat monitoring, rapid incident response capabilities and access to cutting-edge security tools, we can detect and mitigate ransomware attacks in real time, reducing the potential impact on business operations. Contact us to learn more.
