This month marks CISA’s 18th Cybersecurity Awareness Month, a joint effort between the government and public to raise awareness of the importance of cybersecurity. In this blog, we’ll share ways to protect yourself, your organization, and its most critical systems from ransomware.
What is Ransomware?
Ransomware is malware that uses encryption to make data or hardware inaccessible to the victim until a ransom is paid. Ransomware identifies the drives on an infected system and begins to encrypt the files within each drive, typically adding a unique extension (e.g., “.aaa” or “.locky”) to show that files are encrypted. Once the ransomware encrypts the files and folders, it creates and displays instructions on how the victim can pay the ransom. If the ransom is paid, the threat actor may provide a cryptographic key that the victim can use to access the files. The most common attack vectors for ransomware are Remote Desktop Protocol (RDP), phishing, and software vulnerabilities.
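The extension-appending behavior described above gives defenders something to monitor. The following is an added example (not Onapsis code) that flags one new extension being appended to many files in a short period. The event format, sample events, window, threshold, and allowlist are all constructed assumptions for illustration.

```python
from collections import defaultdict, deque
from pathlib import PurePosixPath

# Constructed sample rename events: (epoch_seconds, old_path, new_path).
SAMPLE_EVENTS = [
    (1000, "/srv/share/q3/report.docx", "/srv/share/q3/report.docx.locky"),
    (1001, "/srv/share/q3/budget.xlsx", "/srv/share/q3/budget.xlsx.locky"),
    (1002, "/srv/share/hr/roster.csv", "/srv/share/hr/roster.csv.locky"),
    (1003, "/srv/share/hr/notes.txt", "/srv/share/hr/notes.txt.bak"),  # benign backup
    (1004, "/srv/share/img/logo.png", "/srv/share/img/logo.png.locky"),
    (1005, "/srv/share/img/site.psd", "/srv/share/img/site.psd.locky"),
    (5000, "/home/a/draft.md", "/home/a/draft.md.old"),                # isolated rename
]

def appended_extension(old_path, new_path):
    """Return the single suffix added on top of the original name, or None."""
    old, new = PurePosixPath(old_path), PurePosixPath(new_path)
    if old.parent != new.parent or not new.name.startswith(old.name + "."):
        return None
    suffix = new.name[len(old.name):]  # e.g. ".locky"
    return suffix.lower() if suffix.count(".") == 1 and len(suffix) > 1 else None

def detect_mass_rename(events, window=60, threshold=5,
                       allowlist=(".bak", ".old", ".tmp")):
    """Flag extensions appended to >= threshold files within `window` seconds.

    window, threshold and allowlist are hypothetical tuning values.
    """
    recent = defaultdict(deque)  # extension -> (timestamp, path) still in window
    alerts = {}
    for ts, old_path, new_path in sorted(events):
        ext = appended_extension(old_path, new_path)
        if ext is None or ext in allowlist:
            continue
        q = recent[ext]
        q.append((ts, new_path))
        while q and ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        if len(q) >= threshold and ext not in alerts:
            dirs = {str(PurePosixPath(p).parent) for _, p in q}
            alerts[ext] = {"extension": ext, "first_seen": q[0][0],
                           "files": len(q), "directories": len(dirs)}
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect_mass_rename(SAMPLE_EVENTS):
        print(alert)
```

In practice the events would come from file-server auditing or an endpoint agent, and an alert like this is a trigger to isolate the host and check backups rather than proof of encryption.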
Business Impact of Ransomware in 2021
Ransomware attacks have been making headlines all year, from manufacturing to healthcare to utilities, causing victims to get locked out of their systems and putting strain on supply chains. The impact is substantial—disrupting operations, production, and shipping—and far reaching. When businesses eventually regain access to their systems, they have to increase run rates to make annual goals. A ransomware attack also has huge financial impacts for earnings, forensics, and disruption costs, on top of paying the actual ransom.
Due to a blend of market dynamics and the current environment, these attacks show no sign of slowing down. The pandemic has led to a greater number of employees working remotely via home or public—less secure—networks. Coupled with accelerated digital transformation and cloud migration, organizations’ most critical systems are particularly vulnerable. Through big-game hunting (where threat actors study targets with sensitive downtime, like business-critical applications) and ransomware-as-a-service (RaaS), we see cyber criminals going after bigger targets, exploiting poor security controls, and charging larger ransoms. And payment methods like Bitcoin have made it easy for criminals to collect. In a survey conducted by Kaspersky, more than half of ransomware victims in 2021 paid up to gain access to their own information. For comparison, in 2019, only 15% paid an attacker’s ransom.
Steps to Secure Your Business Against Ransomware
Protecting your organization from the looming threat of ransomware starts with end user education.
- Cover the basics by having secure connectivity, MFA, and SSO: When using a public Wi-Fi network, your computer is more susceptible to attacks. To stay protected, avoid using public Wi-Fi for sensitive transactions or use a secure VPN service. Multi-factor authentication (MFA) offers an extra layer of security, requiring users to provide at least two forms of authentication. In combination with MFA, single sign-on (SSO) can increase password strength and provide a more streamlined experience by allowing users to log in using an already trusted third-party verification.
- Keep systems and applications patched and updated: Regularly updating computer programs, operating systems, and applications helps to protect you from malware. Proactively updating technology has the strongest effect on improving defenses.
- Do not open suspicious email attachments: Email is a primary entry point for ransomware. Make sure the email is trustworthy and double check the email address and sender.
- Integrate existing systems with new processes: As your organization formulates new security processes and adopts new tools, confirm that they are integrated with existing systems so that they’re protected.
- Develop plans for a proactive approach to securing your critical systems: Organizations need a ransomware plan that goes beyond the scope of just protecting endpoints, backing up files, and hoping for the best. Organizations should leverage the powerful native security capabilities of modern software technology. Establish the right risk-based patch, code, and vulnerability management processes to stay ahead of ransomware groups.
While backups and endpoint security will help you mitigate the risk of ransomware, they are not enough. Additional security gaps and potential points of entry exist. According to Gartner, a new security model is needed: A risk-based vulnerability management process. “Don’t try to patch everything; focus on vulnerabilities that are actually exploitable. Go beyond a bulk assessment of threats and use threat intelligence, attacker activity, and internal asset criticality to provide a better view of real organizational risk.”
Our team of security experts has observed this security gap in real time. The Onapsis Research Labs has detected attackers bypassing endpoint detection and accessing data through the application layer. Onapsis has been focused on protecting business-critical applications since 2009. The Onapsis Platform targets the application layer and serves as an essential part of our customers’ plans to protect their business-critical applications from ransomware attacks.
Learn more about Cybersecurity Awareness Month and how to protect your organization at https://www.cisa.gov/cybersecurity-awareness-month.