Ransomware attack trends continue to evolve, and the current iterations are no exception.
By Derek Manky, chief: security insights and global threat alliances at Fortinet’s FortiGuard Labs
During the last year, malicious actors have attacked healthcare organisations, medical trials, schools, and shipping agencies. Considering the impact these modern attacks can have on organisations everywhere, no matter the industry, security professionals must always be ready to secure their systems, networks, and software in new ways.
And, according to a recent FortiGuard Labs global threat landscape report, ransomware remains a prolific threat that increased in 2020 and became even more disruptive. Having endpoint security software and device protection solutions in place will allow your organisation to secure every user and device on and off the network with advanced response.
Threat researchers are increasingly seeing encrypted versions of data being posted online – not just held for ransom – along with the threat that if the ransom is not paid, all of the data will be released to the public or sold to a buyer.
As a result, organisations have begun to appear on the Dark Net with a business model centred on negotiating ransoms. And while systems like this may sound like an easy fix, they can actually have long-term negative effects, including the normalisation of criminal behaviour.
A top-down approach to creating a strong ransomware mitigation strategy includes:
* Continuously providing employees updates on new social engineering attack methodologies so they know what to look out for.
* Establishing a zero-trust access (ZTA) strategy that includes segmentation and micro-segmentation.
* Regularly backing up data, storing it offline and off-network to ensure rapid recovery.
* Encrypting all data inside the network to prevent exposure.
* Regularly practising response strategies to ensure all responsible parties know what to do in case of an attack, thereby reducing downtime.
* Implementing a strong security posture that includes behaviour-based endpoint security to automatically detect and defuse potential threats in real time, even on already infected hosts.
* Patch, patch, patch. Out-of-band emergency patches will happen. Organisations need to have a plan in place through change control processes to ensure they can respond to emergency patches.
* Getting serious about cybersecurity training and awareness for employees as well as family and students. The home is the new branch today and a vector into the core network.
Modern ransomware attacks place data and lives at risk, meaning organisations must take a more proactive approach with real-time endpoint protection, detection and automated response solutions to secure their environments. From a technical standpoint, cyber hygiene, zero-trust policies, network segmentation, and encryption offer protections.
Further, these strategies work best when organisations leverage asset visibility tools to identify their critical assets – once they know where the data resides, they can create a proactive protection strategy.
Finally, the human element remains as important as technology. Building relationships with law enforcement to share information and threat intelligence is the final piece of the ransomware puzzle. The only way to defeat cyber criminals is to work together against them.