How to proactively detect and prevent ransomware attacks


Two out of 3 organizations surveyed by ThycoticCentrify were hit by a ransomware attack over the past 12 months, and more than 80% reportedly opted to pay the ransom.


The key to combating any kind of cyberattack is to prevent it before it happens, or at least before it's able to cause significant damage. That's especially true with ransomware. Once an attacker gets their hands on your sensitive data, they can prevent you from accessing it and can even leak it publicly. That's why many organizations hit by ransomware choose to pay the ransom. For that reason, detecting and preventing an attack in the first place should still be your ultimate goal.


A report released Tuesday by security provider ThycoticCentrify looks at the threat of ransomware and offers advice on how to stop these types of attacks before they impact your organization. The new report, titled "2021 State of Ransomware Survey & Report: Preventing and Mitigating the Skyrocketing Costs and Impacts of Ransomware Attacks," is based on a survey of 300 IT business decision makers in the US.

Among the respondents, almost two-thirds said they were victimized by a ransomware attack over the past 12 months. Of these, 83% said they ended up paying the ransom. In response to the incident, more than 70% increased their security budgets. But the damage had already been done.

Some 50% of the victimized organizations said they lost revenue as a result of the attack. Another 50% took a hit to their reputation. More than 40% lost customers. And more than 30% were forced to lay off employees.

Asked to identify the areas most vulnerable to ransomware attacks, 53% pointed to email, an indication that cybercriminals often use phishing messages to try to get account credentials or install malware. Some 41% cited applications as an avenue to a ransomware attack, while 38% listed the cloud.

Asked to identify the top attack vectors, 26% cited privileged access, meaning accounts and services that have elevated rights to retrieve the most critical information and assets. Attackers love to compromise such accounts as doing so gives them full network or domain access where they can do major damage. Another top attack vector was vulnerable endpoints, cited by 25% of those surveyed. With the shift to the cloud and remote working, the number of endpoints has skyrocketed, challenging organizations to secure them all.


Cybercriminals don't launch a ransomware attack on the spur of the moment. Rather, they use the initial access to a computer or network to perform surveillance. Known as dwell time, this period enables the attacker to fully understand the network, scope out critical and vulnerable resources, and ultimately find and exfiltrate critical data.

[Figure: ransomware attack dwell time. Image: UltimateITsecurity.com]

Recommendations

  • Use Privileged Access Management for early detection. Since attackers often dwell on a network before compromising your data, you need to detect a breach as early as possible. From there, you need to block the attackers from exploiting privileged access accounts and obtaining a path to your network. One technology that can help with these tasks is Privileged Access Management (PAM). Such tools not only manage and restrict privileged access on a granular level but help you understand a ransomware attack as it occurs so that you can stop it from happening again.
  • Use multi-factor authentication (MFA) wherever possible. As attackers can gain access to your network through stolen account credentials, make sure you implement MFA on all internet-facing systems.
  • Keep assets up to date. Security vulnerabilities are another avenue ripe for exploitation. Make sure you practice proper patch management to keep your software, devices and other assets up to date.
  • Turn to zero trust. Develop a zero trust strategy that helps you enforce least privilege access across all your applications, cloud platforms, systems and databases. Zero trust is one of the best ways to stop an attacker from escalating privileges and roaming your network undetected.
  • Minimize user disruption. Make sure your security tools and policies don't disrupt your fellow employees. End users are more likely to bypass security policies when they're difficult or frustrating to follow.
  • Isolate sensitive data. Protect and isolate sensitive data, including your backup and restore capabilities. Attackers often try to disable your backup systems before they steal your primary data.
