How to Prevent Ransomware Attacks


Ransomware attacks are on the rise and getting increasingly sophisticated by the day. Many companies around the world are facing a record number of data breaches and phishing attacks. Some Fortune 500 organizations have faced threats in recent times while many others are anticipating and preparing themselves against the next attack.

How severe will the impact be? What are the best practices to protect the organization in the event of an attack? What tools can help protect against such attacks, or at least help detect them in time? Here are our leading-practice recommendations on some of the questions that are top of mind for every CXO.

What you need to know about cybercrime

The pandemic has forced companies to adopt a hybrid work model that demands enforcing different security paradigms. As technology advances, the threat landscape is also constantly adapting to the changing technologies. Research reports state that most IT organizations face one or more threats.

A recent cybersecurity research study by Bitkom showed that 70% of all companies that experienced a ransomware attack faced severe damage. The research also highlights that, in 25% of all cases, critical passwords were stolen, while 23% of cases saw malware infections and phishing attacks. Over 82% of all participating companies expect a further increase in ransomware attacks. Bitkom has issued a cautionary note that the severity and complexity of such attacks will only rise in the future.

Among the many myths surrounding cyberattacks, a popular one is that only large organizations are targeted. Research has shown that this is far from the truth. As per the U.S. Chamber of Commerce, 33% of mid-market executives said they experienced ransomware attacks or demands in 2020. This extends beyond large companies and cities to even rural districts.

Today, cybercrime has reached epic proportions, with global online extortion raking in over $1.5 trillion USD in a year. It is taking shape as an organized crime syndicate with sophisticated operations and multiple layers of workers – from coders to data miners and even money-laundering specialists. Governments and law enforcement bodies are assimilating available information and monitoring these newly formed cartels.

A study by Analyst1 shows several ransomware gangs including Twisted Spider (creators of Maze and Egregor ransomware), Viking Spider (creators of the Ragnar Locker ransomware), Wizard Spider (creators of Conti and Ryuk ransomware) and Lockbit Gang joined hands to run coordinated attacks and data leaks and even share intelligence and infrastructure.

The United States observes the month of October as Cybersecurity Awareness Month, a collaborative effort between government and the private sector to raise awareness of the importance of cyber safety and online security.

At this point, prevention and detection are the best available options for organizations. This requires investing in the latest technology, obtaining third-party cyber expertise and creating security awareness from the grassroots level.

How to mitigate ransomware attacks

In response to the pandemic, a new future is unfolding. The tremendous potential of a hybrid workforce that goes beyond the enterprise’s perimeter is being unleashed across the world. Most organizations, however, are ill-equipped to respond to an attack. The 2020 cybersecurity study by Bitkom shows that 96% of participating organizations regard ransomware attacks as one of the most threatening scenarios. Yet successful ransomware attacks demonstrate a significant lack of preparedness and a serious lack of precautions in most organizations.

Ransomware attacks typically exploit endpoint vulnerabilities and often spread with the help of end-user privileges.

Short-term counter-response strategies to stop the spread of malicious ransomware

  1. Restrict administrative access. Restricting end-user privileges and end-user administrator accounts makes it harder for attackers to gain administrative rights on any kind of system. Use multi-factor authentication (MFA), as this can significantly limit the lateral spread of an attack.
  2. Scan IT infrastructures. Scanning for and patching vulnerabilities, non-compliances and abnormal configurations is an important ongoing activity. Apart from unaware users, vulnerable systems pose the greatest opportunity for attacks.
  3. Create an incident response strategy. Create an effective incident response strategy and regularly put it to the test. A well-structured incident response plan helps detect an attack quickly, minimize the damage and reduce the cost of a cyberattack while preventing future threats.
  4. Ensure backup and recovery of critical data and systems. Protect the backup repository systems for a speedy recovery of your critical systems and administrative functions. Know the interdependencies between systems and data for a successful large-scale recovery.
  5. Test your network security. Using a qualified third-party penetration testing service to look for anomalies, risks and possible vulnerabilities will help you avoid bigger damage.
  6. Heighten internal awareness. Emphasize organization-wide cybersecurity awareness with a strong focus on threats such as social engineering and phishing. Share information, employee training modules and precautionary measures (strong passwords, personal responsibilities, safe data storage and retrieval) so that employees help monitor, analyze and build defense mechanisms.
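The first short-term measure, restricting administrative access, is easiest to keep honest with a recurring check of who actually holds local administrator rights. The following is an added example, not ISG's code or anything from the page: it parses the member list printed by `net localgroup Administrators` on Windows and reports every principal that is not on an approved allowlist. Both the allowlist (`APPROVED_ADMINS`) and the sample command output are constructed for the example; in practice the output would be collected from each endpoint and the allowlist would come from your privileged-access policy.

```python
"""
Audit local Administrators group membership against an approved allowlist.

Added example (not ISG's code). The input is a constructed sample in the
format printed by `net localgroup Administrators` on Windows.
"""

# Constructed sample output, as `net localgroup Administrators` would print it.
SAMPLE_NET_LOCALGROUP = """\
Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
CORP\\Domain Admins
CORP\\jdoe
CORP\\Workstation Admins
CORP\\svc_backup
The command completed successfully.
"""

# Principals permitted to hold local admin rights (assumed policy for this example).
# Individual end-user accounts are deliberately absent: admin rights should be
# granted through a managed group, not to a person's everyday account.
APPROVED_ADMINS = {
    "administrator",          # built-in account; still subject to rename/disable policy
    "corp\\domain admins",
    "corp\\workstation admins",
}


def parse_net_localgroup(output: str) -> list[str]:
    """Return the member names from `net localgroup <group>` output.

    Members are listed after the dashed separator line and end at the
    'The command completed successfully.' status line.
    """
    lines = output.splitlines()
    try:
        start = next(i for i, line in enumerate(lines) if line.startswith("----"))
    except StopIteration:
        raise ValueError("no member section found in output") from None

    members = []
    for line in lines[start + 1:]:
        line = line.strip()
        if not line or line.lower().startswith("the command completed"):
            break
        members.append(line)
    return members


def find_unapproved_admins(output: str, approved: set[str]) -> list[str]:
    """Return Administrators group members that are not on the allowlist.

    The comparison is case-insensitive because Windows account and group
    names are case-insensitive.
    """
    approved_norm = {name.lower() for name in approved}
    return [m for m in parse_net_localgroup(output) if m.lower() not in approved_norm]


if __name__ == "__main__":
    for principal in find_unapproved_admins(SAMPLE_NET_LOCALGROUP, APPROVED_ADMINS):
        print(f"UNAPPROVED local admin: {principal}")
```

Run against the sample, the script flags `CORP\jdoe` (an end user holding admin rights directly) and `CORP\svc_backup` (a service account that is not in the approved set). Feeding the same function a fleet's worth of collected output turns the "restrict administrative access" recommendation into a measurable control rather than a one-time clean-up.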

Long-term counter-response strategies to protect against ransomware

  1. Prioritize ransomware prevention. The U.S. government has elevated ransomware threats to a level of priority similar to that of terrorism. This is the level of priority that corporate leadership needs to accord to cyberthreats. Apart from setting up security teams, upgrade technical and organizational measures and allocate budgets in proportion to the average cost of recovering from a ransomware attack (potential business losses, cost of restoring data, ransom pay) and its impact.
  2. Consider data encryption. Encrypting data can help avoid data breaches and reduce the possibility of a loss of business and reputation. Data security is not just an IT issue but a core business continuity issue.
  3. Assess disaster recovery. The need for a robust disaster recovery plan that is frequently tested and proven for rapid recovery from a ransomware attack cannot be stressed enough. It is vital to conduct business continuity exercises, assess the risks involved and develop a detailed recovery plan ready to be swung into action. ISG offers Disaster Recovery Assessment services, combining the best elements of the NIST 800-34 (rev 1) contingency planning guide and the Service Continuity module of the Carnegie Mellon University SEI Resiliency Management Model. Clients who were confident of their preparedness at the end of their first assessment workshop went on to identify major shortcomings in the implementation of their documented measures during subsequent drill-downs.

One of the key measures is to ensure your cybersecurity program incorporates adequate balance and resiliency in its execution plan. While there is a need to focus on protection against and detection of attackers to prevent a ransomware attack, it is equally important to have a strong back-end system with tested and proven disaster recovery plans to help recover quickly.

Strategic preparedness and tactical readiness for cybersecurity

The world is waking up to the dangers of ransomware. With devastating attacks becoming more frequent, companies are taking days or even weeks to recover from them, and in many circumstances a full recovery may not even be possible. What is required is a combination of strategic preparedness and tactical readiness that can help an organization navigate risks by evolving through disruption and uncertainty. Just as companies innovate and continuously create better products to stay ahead of the competition, threats need to be constantly monitored, risks and vulnerabilities continually mitigated, and employees informed and trained on the latest security risks.

ISG helps enterprises build and incorporate a culture of security. Contact us to find out how we can help.