Ransomware attacks aren’t just increasing — they’re undergoing an exponential rise as the shift to remote and hybrid work expands attack surfaces and offers new opportunities for compromise. Recent data makes this uptick clear: Attack volumes rose 93% in the first quarter of 2021 compared to the same period last year.
What does this mean for your organization? It’s only a matter of time before ransomware comes your way. While you may have flown under attacker radar for years, fundamental shifts in work and the structure of IT access have put companies of all shapes and sizes in the spotlight.
This evolving state of security raises the question: How prepared is your organization for an attack?
Understanding Common Attack Vectors
The underlying concept of ransomware is relatively straightforward: Malicious actors compromise key systems, install software designed to encrypt critical data, and then demand payment for its release.
Attacker approaches, however, can vary significantly depending on your existing IT infrastructure and current security posture. The top attacker entry points, or “vectors,” are web applications, email, and remote access gateways, in that order.
For example, one common attack vector starts with business email compromise (BEC) through methods such as phishing and social engineering. Cybercriminals collect social and corporate data about staff members and then send legitimate-looking emails that ask for login and password information. Once inside accounts, attackers can move freely to install malware and start encrypting data.
Ransomware may also be deployed via third-party services or connections. These include point-of-sale (POS) systems, cloud providers, software-as-a-service (SaaS) vendors or even network service providers. If attackers can compromise these services and move laterally into your network, security controls may not initially flag them as suspicious. Ransomware has also evolved to include data exfiltration and extortion: attackers demand payment in exchange for not releasing potentially sensitive data on the Internet.
Evolving global conditions have also set the stage for COVID-themed phishing emails that convince users to share key data or click through to supposedly authentic sites — which are in fact infected with malware and are designed to scrape user credentials and cookies to gain access.
The Role of Ransomware Readiness
For organizations, the evolving impact of ransomware speaks to the need for readiness. It’s not enough to simply respond when attacks occur. Instead, businesses must deploy tactics and tools that help them detect potential ransomware attacks before they compromise critical data.
In practice, readiness requires three key components:
- Visibility: Without the ability to see what’s happening on your networks, attackers effectively have free rein to install ransomware across your IT environment. By the time you see what’s happening, it may be too late.
- Flexibility: Every ransomware attack is different. It may have a different compromise point, code structure or encryption algorithm, meaning you need a unique strategy to protect your data. As a result, flexibility is key for protective success.
- Accountability: Security is a shared responsibility. To reduce the risk of successful ransomware attacks across your organization, it’s critical to create a culture of accountability that includes C-suite members, managers and front-line staff.
The Ransomware Readiness Assessment
How can you prepare for a ransomware attack? Consider all the components involved to protect your data.
- Identify key assets: Before you can effectively protect against ransomware attacks, you need to identify common targets. While all data offers some value to bad actors, their best bet to get paid is by restricting access to information your business needs for day-to-day operations. Therefore, it’s critical to find this data and shift it into highly secure storage and compute environments.
- Pinpoint potential vulnerabilities: Where are you most vulnerable? This is often a tough question to answer for in-house IT, whose familiarity with systems can contribute to assumptions of protection where potential holes exist. To help pinpoint potential vulnerabilities, it’s worth working with an outside consultant to find these problems first and identify areas where security may not meet current compliance standards.
- Deploy defensive services: Next are defensive services capable of reducing the risk and impact of malware. This starts with robust spam email controls to limit the risk of phishing, combined with strong identity and access management (IAM) to help ensure the right people have access to the right data.
- Educate all staff: While some attacks are purely outside-in, many have an insider component. Although most are accidental — staff may unwittingly provide access data or click through to a legitimate-looking site — the outcome is the same: encrypted and ransomed data. Regular staff education is a key component in getting ransomware ready.
- Monitor for malicious activity: Ongoing monitoring and management of IT systems is critical to help ensure that attackers don’t slip through security cracks. With malicious actors continually exploring new ways to compromise corporate systems, you need 24/7/365 monitoring that helps quickly identify suspicious activity.
- Test, test, test: Last but not least — testing, testing, testing. Even with a robust ransomware response plan in place, you can’t afford to rest on your security laurels. Teams need to regularly test response practices to confirm they’re ready if and when an attack occurs.
To be response-ready for an attack, use this best practice incident response checklist to get your operations in order.
When it comes to getting ransomware ready, there’s no time to waste. Discover how HALOCK can help.