How to fight ransomware and reduce attacks

Cybercriminals are carrying out increasingly sophisticated attacks. Two of the most widely used, because they pay off quickly, are phishing and ransomware. With the latter, our files are encrypted and the cybercriminal demands a ransom before we can recover them. Ransomware spreads in the real world in a variety of ways, including social engineering attacks and exploits. These attacks cost organizations millions of euros in data recovery. In this article we are going to see how you can fight ransomware with visibility.

Ransomware attacks on the rise

Ransomware attacks increased by an average of 518% during the first half of 2021. It is also worth noting that the payment of ransoms has increased by 82%. There has also been a significant increase in attacks related to medical care: 560 health care centers were attacked in the United States alone. This is worrying because such attacks can sometimes cost human lives.

Companies are starting to focus on which layers they can put in place to combat ransomware attacks. Most organizations have basic email security in place in the form of a secure email gateway (SEG). However, that is not enough, because a cybercriminal can insert a link or file that bypasses these checks. For that reason, attack vectors must be considered comprehensively.

Complexity increases the attack surface

Today, in many cases, our data is no longer on a physical server in a local data center that we have physical access to. It is often hosted elsewhere, on machines that are managed and maintained by another company. Some teams let their guard down because they believe that if their public cloud gets encrypted, someone else will step in and everything will be fixed. Those customers assume that their cloud service provider can revert all files to a previous version and that they will have almost no problem. That might be true with some providers, but it is not always the case.

It takes one click for an attacker to put an entire company at risk. People are going to make mistakes, even those who are prepared. No environment is protected 100% of the time, so we need to be ready to act when protection fails. There are two things to keep in mind when preparing for a ransomware attack:

  • In the event that our data is encrypted, we must be able to restore our systems as quickly as possible.
  • After a restore, there is still the concern that a cybercriminal has extracted sensitive or private data.

In this respect, fighting ransomware with visibility can help us, as we will see later.

Cloud-based recovery systems

Disaster Recovery and Business Continuity (DRBC) is surely the most difficult piece to solve and also the most ignored. Today, cloud-hosted solutions make recovery much easier because they take point-in-time snapshots of your data. As a result, cloud storage makes DRBC much faster than legacy solutions like physical servers and devices.

If ransomware is to be prevented, companies need to improve their strategies and move to a next-generation cloud-based strategy.

Fighting ransomware with visibility

Defending against ransomware involves establishing complete visibility into our data. Fighting ransomware with visibility helps us implement policies to ensure that sensitive information never leaves the organization, and also helps block policy-violating files like cloud-stored ransomware from entering.

Beyond email, communications have been evolving towards team collaboration tools, such as Slack or WebEx. Workers sometimes use them to chat and catch up socially. These tools can also be used as an attack vector: the cybercriminal only needs one click on a link to launch their malware and start the encryption process.

SASE and zero trust

According to Damian Chung, Chief Security Officer at Netskope, we need a secure access service edge (SASE) architecture and data loss prevention (DLP) capabilities. He adds that this could protect our users within clouds such as OneDrive or Google Drive, as well as in our corporate Slack channel.

Zero trust must also become part of what we do. We need to fight the ransomware threat with complete security visibility that goes beyond data to a holistic view of users, computers, and programs.