Manish Chasta, Co-Founder and CTO, Eventus TechSol
Cybersecurity threats are damaging, but few are as devastating as ransomware. Ransomware is becoming a trillion-dollar cyber economy over the next five years. According to Cybersecurity Ventures, if measured as a country, cybercrime — predicted to inflict damages totalling USD 6 trillion globally in 2021 — would be the world’s third-largest economy after the U.S. and China. The biggest contributor to this number is ransomware alone.
The factor contributing to this rapid growth of cybercrimes is that it is now a more organized venture with many actors joining the big money game. The Ransomware-as-a-Service (RaaS) model has branched out into so-called affiliate programs, where every step, from finding and compromising victims to deploying the file-encrypting malware on the network and negotiating the ransom, is being managed by dedicated personnel, much like an enterprise. In addition, state-backed threat actors are getting involved for financial rewards or disruptive purposes, making the already unfavourable situation worse.
A Shift in Ransomware Attacks
Ransomwares far-reaching consequences affect the entire organization, halting operational processes, disrupting mission-critical services, and sometimes even placing people in danger. These attacks are also among the most expensive to counter.
As technology advances, so should the cybersecurity practices that protect it. A ransomware defence strategy should be a top priority for any organization. Without it, poorly secured users and organizations risk losing sensitive information.
Today, RaaS software developers create software packages. These have a high probability of penetrating the target system with low discovery. It offers cybercriminals tried-and-true tactics for carrying out their attacks. It is like any subscription software that allows perpetrators to pay a monthly fee in exchange for carrying out malicious activity. This means that one need not be a tech person anymore to engage in ransomware or malware attacks.
Strategies and Practices by which Organizations can Defend Themselves from Ransomware
The Indian government has issued new directives requiring organizations to report cybersecurity incidents to India’s Computer Emergency Response Team (CERT-In within six hours, even if those incidents are port or vulnerability scans of computer systems. CERT-IN states it has identified specific gaps causing difficulties in security incident analysis and response and that it needs to impose more aggressive measures.
Establishing a proactive ransomware prevention approach is essential to avoid being a ransomware victim. To successfully protect against these risks, first, organizations should invest in security awareness training for their workforce. Stringent security standards must be put in place to help secure employees while not interfering with the workflow.
Even if organizations have the strongest firewalls and other security solutions, an attack could still get through. They must have a strategy in place for dealing with this situation. It is wiser to formulate a strategy than attempt to mitigate an attack after it has occurred. Remember that hackers are already attempting to gain access to a company’s data, so organizations must work extra hard to prevent an attack before it happens.
Some strategies and practices include:
- Integrating Ransomware Response Services: Cyber attackers have transformed ransomware as their new go-to tool for attacking and extorting businesses, employing a broader version such as RYUK, Sodinokibi, STOP, DJVU, Phobos Dominate, Dharma, GlobeImposter, Wallet, WannaCry, Cryptowall, Samas, Locky, and TeslaCrypt. Integrating ransomware response services will help companies recover faster and minimize the business impact of a cyber-attack by recovering quickly with a structured approach and experts, who can help lower incident response time, minimize breach impact, conduct a deep investigation, and help companies recover quicker.
- Practicing Data Backup: One of the simplest risk mitigation practices is to back up organizational data to an external storage or cloud server. In the event of a ransomware attack, the organization can reset the system and reinstall the backup files. Ideally, businesses should back up their critical data regularly.
- Updating and Maintaining Latest Software: Many hackers exploit businesses that rely on outdated systems that have not been updated in a long time. Organizations must always update and maintain the latest operating system, web browser, antivirus software, and any other software. Malware, viruses, and ransomware are constantly evolving, with new variants that can circumvent the company’s old security measures. Therefore, businesses must ensure that everything is patched and up to date.
- Segmentation of Network: Since ransomware can spread rapidly across a whole network, it is critical to keep it as contained as possible in the case of an attack. Network segmentation involves dividing the network into smaller networks, allowing the organization to isolate the ransomware and keep it from transmitting to other systems. To avoid ransomware from reaching the target data, each subsystem should get its security controls, firewalls, and unique access. Segmented access will not only help stop the threat from spreading to the main network but it will also give the security team more time to spot, isolate, and eliminate the threat.
Ransomware is a concern to all businesses, regardless of their size. Even paying ransom may not help recovering the data for businesses. In most cases, attackers either have compromised the data despite paying ransom, or have never given it back unscathed. The above-mentioned practices and strategies can help you avoid the devastating effects of ransomware. They can enable firms to improve their security and efficiency, allowing them to scale.