What Is Ransomware Protection?
Why Protect against Ransomware?
The probability that an organization will experience a ransomware attack is rapidly increasing. In the first half of 2021, the FBI's Internet Crime Complaint Center experienced a 62 percent year-over-year surge in reports, with nearly 2100 complaints. According to one survey, more than a third of organizations worldwide suffered an attack in 2021, with ransomware attacks occurring roughly every 11 seconds.
Given the potential damage to corporate systems and workflows should a ransomware attack shut down access to data or applications, it is not surprising that many companies elect to pay ransoms. Typical ransom demands range from hundreds of dollars to well into the millions. The average ransom paid is approaching $250,000.
Recent, high-profile ransomware attacks have affected critical infrastructure and the supply chain, already strained due to the COVID pandemic. One of the most well-known attacks targeted the Colonial Pipeline, which was responsible for transporting more than 100 million gallons of fuel daily. The result was a spike in fuel prices affecting consumers across the U.S.
Colonial paid a ransom of over $5 million ($2.3 million of which they later recovered), but the effects of the attack went further. According to company sources, remediation efforts extended into the tens of millions of dollars. Other attacks, including the CNA Financial and Kaseya attacks in 2021, had similarly catastrophic consequences.
Despite the growing ransomware threat, many organizations are unprepared to identify or deal with an attack; nearly half of all organizations lack effective incident response plans. Ransomware protection is essential to secure more than just enterprise networks and data. Effective ransomware protection also limits post-attack costs and reputational effects.
How to Protect against Ransomware
Raise Awareness
Employees are the primary attack vector for ransomware. Poor password hygiene, overly permissive access policies, and susceptibility to phishing scams (which remain the primary source of most attacks) expand an organization's attack surface, making it easy for cybercriminals to insert ransomware files. Unfortunately, many organizations enable these bad practices because they fear employee complaints if they institute stricter policies.
Organizations must properly train their employees to be vigilant for the signs of an attack and to defend against attacks proactively. For example, keeping employees from clicking on links in suspicious emails (e.g., ones with odd capitalization or misspellings) can go a long way towards a better security posture.
Just as importantly, organizations must make their employees understand the need for strict security policies. While employees may find it inconvenient to use strong passwords that they must change frequently, it would be far more inconvenient if they suddenly could not do their work due to a successful attack.
Update Systems
Another common source of access for ransomware attacks is out-of-date and legacy software. Organizations must apply software patches quickly upon receipt, especially since many patches explicitly correct vulnerabilities.
Organizations should also create comprehensive digital asset inventories. Many enterprises have old, unused, and out-of-date applications still accessing corporate networks—without IT's knowledge. Eliminating or restricting these applications is another step toward reducing the company's attack surface.
Use the Proper Tools
Back Up Frequently
Backups are another essential tool in defending against ransomware. While they will not prevent attacks, they can limit the negative impacts of a successful attack and minimize the total damage to a company and its customers.
Backups and a strong business continuity plan allow organizations to quickly restore access to files and get back up and running without needing to pay a ransom. Nevertheless, backups do nothing to prevent cybercriminals from misusing data they have exfiltrated.
Ransomware Protection Best Practices
1. Strong Password Policies and MFA
2. Least Privilege Access, Zero Trust, and IAM Tools
3. Spam Filters, Antivirus Programs, and Firewalls
Because phishing emails are the most common source of ransomware attacks, and employees are highly susceptible to phishing scams, organizations need to limit how many of these emails reach employees. Well-configured spam filters are an important part of the prevention arsenal.
Similarly, antivirus programs are an effective first screen against known attacks. They should also be a part of a company's ransomware protection program.
Firewalls provide an added layer of protection when properly configured. Next-generation firewalls identify anomalies in network traffic using deep packet inspection, shunt aside suspicious files, and harden endpoints.
Misconfigurations of security tools create additional attack vectors, so organizations should be confident that their security personnel, whether an internal IT team or outside vendors, are regularly verifying configurations.
4. AI and ML Endpoint Security Tools
FAQ
What is ransomware?
Ransomware is malicious software that restricts or prevents a user from accessing files on their device until a ransom is paid. Ransomware works by encrypting the files on a target device, effectively blocking the user's access.
In some cases, ransomware may go further than simply blocking access. It may also allow cybercriminals to exfiltrate data they can distribute or sell. In addition, by gaining access to one device, they may be able to move laterally throughout enterprise systems, rapidly expanding the attack surface and potential damage to the organization.
What is ransomware protection?
Ransomware protection is a comprehensive cybersecurity effort that extends beyond detecting and preventing a ransomware attack. It includes planning for remediation should an attack successfully bypass prevention efforts, and creating critical backups and business continuity plans that allow organizations to quickly come back online in the event of a successful attack.
Who is at risk of a ransomware attack?
Everyone, from individual home users to corporate employees, is a potential victim of a ransomware attack. As long as there is a connection from a device to the outside world, whether a secured corporate network or a public Wi-Fi hotspot, cybercriminals will attempt to exploit it to insert ransomware.
What's the best protection against ransomware?
Organizations should apply several best practices to harden their systems against ransomware attacks, including:
- Developing, implementing, and enforcing anti-ransomware cybersecurity policies, including email and internet usage policies and strong password and multi-factor authentication policies
- Applying role-based permissions and least access policies to limit access to critical systems and data
- Implementing tools to proactively identify potential attacks, both known and zero-day attacks, using advanced analytical methods such as artificial intelligence and machine learning
- Training employees to responsibly use company resources and recognize the indicators of ransomware attacks
- Creating and implementing business continuity plans, including constant redundant backups, to limit the damage of attacks
Does antivirus protect against ransomware?
Antivirus programs offer, at best, a partial solution for ransomware attacks. Antivirus tools can be very effective against known malicious actors and vulnerabilities, but they are limited against zero-day attacks.
In addition, antivirus programs only operate on the front end of the attack. If an attack makes it through and infects a device, there is little antivirus programs can do to mitigate or remediate the attack.