Don’t break the bank: Stopping ransomware from getting the best of your business

Regardless of the method that threat actors use to commit cyberattacks—phishing, malware, and, yes, ransomware—the stages of every attack are remarkably similar. The end goal is gaining access to something of value—most often, sensitive, proprietary, or personal data. The stages of a cyberattack are analogous to that of a bank robbery. When discussing the progression of a cyberattack with CXOs, I often describe it like this:

• Stage 1: When bank robbers are planning a heist, the first thing they do is identify potential banks to target. In the cyber world, the bank represents your external attack surface—the part that’s visible to threat actors.

Read More

• Stage 2: Next, the thieves will devise a way to get inside the bank without being detected to establish a foothold. In cyber terms, this translates into the user, device, or vulnerable asset being compromised by a phishing or malware attack.

• Stage 3: Once inside the bank, the thieves will target the vault for the highest financial gain. In the cyber world, this translates to performing lateral propagation to gain access to crown-jewel applications.

• Stage 4: This is when the thieves make their getaway with large sums of money, which is just like how cybercriminals steal large volumes of data from these crown-jewel applications that they can then use to commit extortion.

Like any industry, cybercriminals seek ways to increase efficiency and maximize output while putting in the least amount of time and resources possible. This “industrialization” of ransomware attacks has given rise to some interesting trends this year, which has further fueled the overall increase in ransomware attacks worldwide. Some of the most interesting developments include:

• The advent of encryptionless attacks: Rather than encrypting stolen data, attackers are focusing on exfiltrating sensitive data to leverage for extortion. This novel method of attack presents new challenges for victims and security professionals because not only are traditional methods of file recovery no longer effective but the volume of attacks may increase because the time to carry out attacks is reduced.

• The rise of ransomware as a service (RaaS): This is a business model in which cybercriminals commission affiliates to compromise organizations and deploy their ransomware, enabling more sophisticated and frequent attacks.

• Targeting the cyber-insured: To maximize the chances of a successful payout, cybercriminals are increasingly targeting organizations that carry cyber insurance because they know that insured victims are more likely to pay ransoms.

• Weaponizing new SEC rules: In an ironic twist, cybercriminals are weaponizing SEC rules by filing complaints against companies who don’t comply with the new SEC reporting requirements, which mandate that organizations must report material cyber incidents within four days, placing additional pressure and scrutiny on companies.

These alarming trends serve as evidence that cybercriminals are getting more prescriptive and adaptive in their approaches to exploiting vulnerabilities that deliver maximum gain for the least amount of effort.

Despite the adeptness of cybercriminals in evolving their tactics to better evade detection and maximize profits, leaders who are proactive and committed to cybersecurity can strengthen their resilience against ransomware threats and minimize the scope of potential impacts. For most organizations, employing a layered approach that disrupts the attack at each stage—from reconnaissance and initial compromise to lateral movement, data theft, and payload execution—yields the best outcomes for defending against ransomware attacks. In addition, the following best practices can help fortify defenses against future ransomware attacks:

• Adopt a zero-trust architecture to break the attack chain. Minimize the attack surface by making it impossible for attackers to find and gain access to private applications. Prevent initial compromise by implementing SSL inspection, access control driven by business policies, threat protection, and deception technology. Eliminate lateral threat movement by connecting users directly to applications—never the corporate network. Stop data loss and malware delivery by controlling and monitoring SaaS application usage.

• Stay up to date. Securely back up all data regularly and keep software updated.

• Train employees to be vigilant. Regularly conduct security awareness training to educate employees on the importance of multifactor authentication (MFA) and strong passwords as well as simulation exercises involving the latest attack techniques.

It’s a reality that ransomware attacks will continue to evolve, and they show no signs of abating, but organizational leaders need not feel like helpless victims. By taking a proactive approach to implementing a cybersecurity strategy that leverages proven best practices and modern technologies, it’s possible to protect your organization against debilitating attacks.