Evolve your security strategy to defend against ransomware attacks

By Nagesh Ayyagari, VP Engineering, Ivanti


In recent times, the world has witnessed several ransomware attacks that not only pinned down users by keeping their data hostage but revealed vulnerabilities of the existing cyber ecosystem as well.

Ransomware is increasingly becoming a menace for individuals and organizations. While cybersecurity experts are grappling with containing these attacks, cyber criminals seem to be out doing each other and increasing the intensity of breaches – constantly evolving.

Ransomware attacks can be traced to a floppy disk-based incident with a demand for $189. Now it is a multi-billion-dollar cybercrime industry with hackers attempting to breach organizations through any means possible. Ransomware criminals are threatening entire internet ecosystem with their innovative operating methods and making large conglomerates, governments, and various other organizations vulnerable. The emergence of digital currency or cryptocurrency has exacerbated the process.

Nagesh Ayyagari, VP Engineering, Ivanti

Ransomware attacks are beyond just encrypted data

Ransomware attacks are particularly painful for organizations not only because they lose access to sensitive or critical data, but they often suffer days or weeks of downtime. Because of this, for many companies a breach and having data leak into the public domain makes paying the high ransom seem attractive.With a rapid surge in number of ransomware attacks, organizations around the world pay an average ransom of $220,298 every year.

A ransomware attack also costs the companies around 23 days of downtime on average following a shutdown, which translates into huge productivity loss, as they are unable to operate their core business functions during that period. Such attacks also create inconveniences and additional risks for consumers of those companies, resulting in loss of faith.

Other risks involved with ransomware attacks include breach of confidentiality and integrity of crucial data. For many organizations, data safety is paramount, considering the sensitivity of data. Think of sensitive and proprietary files, which are not meant to land in public domains or in the hands of rival companies or illegal entities. Exposure of such data due to ransomware attacks not only causes significant loss of overall reputation of the respective company, but they might lose crucial revenue streams to their competitors.

Similarly, with sensitive government files, if a ransomware attack results in a breach of data and if that lands in the hands of rival countries or illegal non-state actors, it might lead to serious consequences.

Ransomware becoming a headache for companies

The abovementioned reasons are enough to scare companies to keep their data secure. The greater the sense of insecurity is, the more the companies are ready to shell out to protect themselves from ransomware attacks. Interestingly, this is what lures cybercriminals to ramp up their malicious activities and find new ways to cash in on these opportunities. They also take it as a challenge to break even the latest safety barriers protecting the precious data of companies, whom ransomware attackers target.

But does paying ransom to cybercriminals an ultimate solution to protect data? The answer is NO.

Even if the victim organizations pay cybercriminals responsible for the ransomware attack to get access to decryption keys, it doesn’t guarantee that hackers will not sell the stolen data on the dark web for more money. Such incidents have already happened in multiple cases. Netwalker and Mespinoza ransomware criminals leaked stolen data from companies, despite taking hefty amounts of ransom from victims, as revealed by Coveware’s Q3 2020 Ransomware Report.

This certainly makes a case for companies to continuously upgrade defensive strategies to detect, prevent and respond to ransomware and other types of cybercrimes.

Taking the challenge to stay ahead is the key

Staying one step ahead of cybercriminals is challenging in the world of constantly evolving technologies. But that is also the key to staying relatively protected and preventing cyber-attacks. For this, companies must understand different tactics ransomware attackers follow and different dynamics of cybercrimes as well.

Modern ransomware attacks typically include various tactics such as social engineering, phishing email, and malicious email links. These also exploit vulnerabilities in unpatched software to infiltrate the companies’ systems and deploy malware into them. This is a consistent process and that means there are no days off from maintaining a protected system and maintaining good cyber-hygiene.

Cybercriminals always look for new points of vulnerability in the target’s cyber system. Hence, timely detection of threats and responding to them accordingly in a timely manner through real-time monitoring of various channels and networks is highly important. It is like a never-ending cyclic process.

While organizations work on their own cyber security system, they remain unaware of the next ransomware attack. This is despite all the security measures they adopt. The only realistic approach for this problem is that the organizations should install a multi-layered security strategy. This should include a balance between prevention, detection, and remediation of threats. Organizations should start that with a zero-trust security strategy.

Zero trust security and its effectiveness in protection against ransomware

Designing and initiating an effective zero trust security system to ensure better and more secure digital assets of modern enterprises requires an actively operational framework and a host of important technologies. Companies must mature their cyber security stance to be able to verify each of their assets and transactions before allowing any access to their network.

These verifications can be done through various methods. Ensuring that in-house systems are patched and up to date is one of them. Besides that, password-less multi-factor authentication (MFA) and unified endpoint management (UEM) deployment are among other methods.

To ensure an effective zero trust security system, using patches and vulnerability management are necessary to maintain device hygiene. Security teams can use key hyper-automation technologies such as deep learning tech to ensure that all endpoints, edge devices and data can be discovered, managed, and secured in real-time.

Organizations should consider taking part in drills to test their responses to ransomware attacks. This will help them assess a real life-like situation and test technologies in place to detect and prevent threats. It will also help them to devise a recovery plan that can play a crucial role in minimizing assessment time in a real threat situation. Such drills also help enterprises to understand whether and how they would be able to detect and respond to the threat.

It is impossible to predict when, where and how the cybercriminals will make their next ransomware attacks. Hence, it is always better for organizations to stay prepared. A zero-trust security framework can ensure that prevention is the key. And performing drills is a key to enhancing an organization’s capability to handle critical situations in a more effective manner. After all, practice makes everything perfect and there is no substitute to that, even if it is about an organization’s cyber security.


Please enter your comment!
Please enter your name here