In August of 2020, just five months after the onset of COVID-19, hackers were waging 4,000 successful ransomware attacks per day on unsuspecting businesses. It was a 400% increase from pre-COVID-19 numbers, according to the FBI. Today, the attacks persist and tend to surge even more around the holidays. In fact, CBS News reported that up to 1,500 businesses in the U.S. and other parts of the world were impacted by a ransomware attack over the 2021 Fourth of July weekend.
Why has ransomware become such a mainstay for hackers? Why have organised crime rings and even nation states joined with bad actors, magnifying the threat — and reach — of these types of attacks? It’s because the financial payoff for ransomware in particular has become significant, so more hackers are investing in those tactics. Anytime the juice is worth the squeeze, you're going to have more people doing it.
So how is your organisation supposed to mount any kind of effective defense against these types of attacks? As with any cybersecurity use case, creating a multilayered defense will best protect your environment and assets from ransomware.
A multilayered defense includes:
A layered approach to preventing ransomware isn't all that different than the approach that we take with malware. Yes, it means keeping the bad guys out by deploying effective endpoint security and teaching users not to click on malicious links or unknown documents. It also means improving threat intelligence, particularly around command and control. The protective, or preventive, side of ransomware defense is straightforward — limiting the vectors that the ransomware actor has to inject into an environment.
But when it comes to ransomware, it’s not enough to just keep bad actors out. We must also focus on the recovery and continuity aspects of security. To do this, organisations need to ask themselves key questions like:
Options like immutable storage and backup are becoming popular, despite them being last-resort solutions. According to Sophos’ State of Ransomware 2021 survey, the number of organisations that paid a ransom increased from 26% in 2020 to 32% in 2021 — but fewer than one in 10 (8%) managed to get back all of their data. As lose-lose situations like these become more commonplace, having the nuclear option has become increasingly helpful to security teams.
As we move from the traditional data centre model to centres of data and see more edge computing involving artificial intelligence, it’s critical to remember: These areas, along with remote workstations, need to be protected with the same type of multilayered approach.
As you pursue excellence across your ransomware defense strategy, remember: