(* )
The rise of ransomware has quickly become an extremely lucrative criminal enterprise, as targeted organizations often pay the ransom to get their data back quickly. But every single organization that pays to recover its files is directly funding the development of the next generation of ransomware. As a result, ransomware continues to evolve, with more sophisticated variants and more specific targeted attacks. Recent research from Cybersecurity Ventures predicts ransomware attacks will cost the global economy $6 trillion annually in 2021!
Ransomware must be prevented when possible, detected when it attempts to breach a network, and contained to limit potential damage when it infects systems and endpoints. Ransomware defense calls for a new best-of-breed security approach that spans the organization from the network edge, to the domain name system (DNS) layer, all the way to the data center and across endpoint devices, no matter where they’re being used.
Businesses and organizations of all sizes, across all industries are at risk for these attacks. However, with the proper technology safeguards in place and the proper security trainings there is still hope to fight ransomware.
Why Should You Care?
Ransomware is one of the fastest-growing malware threats today and according to research from Cybersecurity Ventures, a new organization will fall victim to ransomware every 11 seconds in 2021.
Being locked out of your own files for even just a day will have impacts to your business operations. But given that ransomware takes most victims offline for at least a week, or sometimes months, the losses can be significant. Systems go offline for so long not just because ransomware locks the system, but because of all the effort required to clean up and restore the networks. And it is not just the immediate financial hit of ransomware that will damage a business; consumers become wary of giving their data to organizations they believe to be insecure.
First Line of Defense
To prevent ransomware, employee awareness and an understanding of how ransomware happens is critical. When employees understand the real impact of ransomware, they become invested in keeping their organization (and themselves) alert to cyberattacks. Your employees are your first line of defense against ransomware. Creating a corporate culture that encourages cyber security awareness learning, discussion, and openness will help employees slow down and carefully review emails, attachments, and advertisements.
Best Practices
The following best practices should be implemented to prevent attackers from gaining access to your organization’s network and systems:
• Reinforce company policies regarding not sharing or revealing user credentials (even with IT and/or security), strong password requirements, and the role of authentication in security (including the concept of nonrepudiation, which gives users the “It wasn’t me!” defense).
• Encourage the use of company-sanctioned Software-as-a- Service (SaaS) applications, such as file-sharing programs, to exchange documents with others rather than email attachments, as a way to mitigate (or completely eliminate) phishing attacks containing malicious attachments.
• Consider non-native document rendering for PDF and Microsoft Office files in the cloud. Desktop applications such as Adobe Acrobat Reader and Microsoft Word often contain unpatched vulnerabilities that can be exploited.
• Instruct users who do not regularly use macros to never enable macros in Microsoft Office documents. A resurgence in macro-based malware has been observed recently that uses sophisticated techniques to evade detection.
• Explain incident reporting procedures and ensure that users feel comfortable reporting security incidents with messages like “You’re the victim, not the perp” and “The cover-up is worse (in terms of damage) than the event.”
Since ransomware has become so multi-faceted, so too must our protections. Ransomware penetrates organizations in multiple ways, so fighting it requires a multi-front strategy. No single technology or best practice alone can prevent it. We must think of ransomware defense as an ongoing, layered process. As a Cisco partner we offer solutions that protects against ransomware with an integrated platform approach across a breadth of critical control points backed by best-in-class threat intelligence and research from Talos.
