Fireworks lighting up the sky, the smell of backyard grills cranking out delicious food, and organizations reeling from massive global cyberattacks. Aaah... those not-so-sweet memories of that first weekend in July 2021, when hundreds of businesses were smacked with the financial, logistical, and reputational ramifications of ransomware attacks.
While hardly shocking news anymore, the 2021 ransomware hit, led by an international cybercrime ring, was just a small sampling of the growing lure of cybercrime around the world. After all, holding sensitive or business-critical data hostage can be a very lucrative “business” that draws in more perpetrators every day. But all is not lost. Organizations large and small can launch a strong, proactive defense against those who seek to profit from lax security around organizations’ all-too-valuable data.
The 2021 Ransomware Attack: What Happened?
The cyberattack over the July 4th weekend in 2021 was the work of REvil, a Russia-based group that found a way to exploit a computer bug previously unknown to even some of the top cybersecurity pros. When all was said and done, the attack was noted as the largest ransomware attack to date, with up to 1,500 companies impacted and $70 million in ransom demanded.
While this attack stood out for its new exploitation approach, and the team behind REvil has since apparently gone dark, new threat actors are hardly scarce. Research from the Ponemon Institute found that 80 percent of companies have been victimized by a ransomware attack.
According to research sponsored by Sophos, here are a few more unsettling facts:
- 37 percent of IT organizations spanning 30 countries were impacted by ransomware in 2021.
- It costs an average of $1.85 million to mitigate a ransomware attack.
- Downtime following a ransomware attack averaged 21 days.
Ransomware Defined
It goes without saying that ransomware involves some type of payment or ransom. When it comes to data being “kidnapped,” cybercriminals encrypt information and hold it in exchange for money, often in bitcoin, which is untraceable.
To add insult to injury, cyberthieves can even buy pre-set packages of malware for extorting organizations, called Ransomware as a Service (RaaS). These RaaS offerings deliver software support, payment plans, and more, should those would-be thieves not want to develop their own ransomware.
How to Stop Ransomware from Impacting Your Business
Whether you pay in Bitcoin, reputation loss, downtime, or any combination of these costs, a ransomware strike hurts. That’s why preparing a strong defense in advance, on the assumption that you’ll be targeted at some point, is so important.
A ransomware attack can start simply by gaining access to a single employee, or website, or other point of entry before the attack engulfs an organization’s entire network. As it tours around, it leaves behind installed ransomware designed to encrypt your business-critical data. Your data is not lost. However, it can only be unlocked with a key held by the cyberthieves awaiting that ransom payment.
Following a few lessons organizations have learned over the years can help elevate your security stance against ransomware and other data leaks or theft.
Six Ransomware Lessons Learned
#1 Prepare Your Organization Against Ransomware
Preventing cybercrime may feel like a Herculean task, but putting resources into employee education, training, and simulation of potential phishing attempts can go a long way in tripping up at least some of the would-be bad actors set on holding your data hostage.
As the research indicates, most ransomware attacks start when one individual is targeted. With this in mind, consider your employees not just as points of vulnerability, but as your first line of defense. User training for everyone in your organization can help employees identify ransomware tactics such as phishing attempts.
#2 Follow Email Best Practices
Because the door into an organization’s network is often a nefarious email, installing technology that adds a layer of security around the organization’s email inboxes is another proactive step to take.
First, decide what data needs protection. Typically, this is data that falls under compliance requirements, such as payment plan details, Personally Identifiable Information (PII), or medical data. Applying a data classification solution to it automatically prioritizes and categorizes how different types of data are to be handled.
Additional mail security technology, such as data loss prevention (DLP), can then seek out and remove sensitive information from inbound or outbound emails and automatically apply encryption to sensitive data, removing some of the risks for employees transferring potentially sensitive data. A robust solution that operates beyond the basic “stop-and-block” approach, like DLP, can remove or redact sensitive information but still allow “good” information to continue on its path unhindered.
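The difference between “stop-and-block” and redaction, as an added example that is not from the original article or from any vendor's product: the function names, patterns, and sample message below are hypothetical and constructed for illustration. A Luhn checksum keeps ordinary long numbers (an invoice number here) from being treated as card data.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# US SSN written as 3-2-4 digits (illustrative pattern only).
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum, used to cut false positives on long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def redact(body: str):
    """Return (clean_body, findings): sensitive values masked, the rest untouched."""
    findings = []

    def mask_pan(m):
        digits = re.sub(r"\D", "", m.group())
        if not luhn_valid(digits):
            return m.group()  # e.g. an order number: leave it alone
        findings.append("PAN")
        return "[REDACTED PAN ending " + digits[-4:] + "]"

    def mask_ssn(m):
        findings.append("SSN")
        return "[REDACTED SSN]"

    body = PAN_RE.sub(mask_pan, body)
    body = SSN_RE.sub(mask_ssn, body)
    return body, findings


def stop_and_block(body: str) -> bool:
    """The basic policy: any finding drops the whole message."""
    return bool(redact(body)[1])


# Constructed sample message; 4111 1111 1111 1111 is a widely used test card number.
SAMPLE = ("Hi Dana, invoice 1234567890123 is attached. "
          "Card on file: 4111 1111 1111 1111, SSN 078-05-1120. Ships Friday.")
```

Under `stop_and_block` the whole sample message is dropped, while `redact` delivers it with only the two sensitive values masked.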
#3 Review and Refresh Your Data Security Policy
If it has been some time since your organization has taken a close look at its overall data security policy, there is no time like the present to dust it off. An effective policy requires:
- Management buy-in. Without the support of management to create and enforce a data security policy, organizations will be spinning their wheels and opening themselves up to potential liability.
- Manage your security policy. The best written IT security policy is of little use if that policy is not maintained and controlled. Automating policy controls and visibility can take some of the burden off your IT staff and minimize human error by identifying and correcting any policy exceptions quickly.
- Employee education. A solid data security policy does no good if employees aren’t aware of it or practiced in how to follow it. Education, supported by technology that eases some of the manual tasks associated with adhering to an established data security policy, is the best combination.
#4 Identify Technology to Defend Against Ransomware
Fortra has developed a suite of technology solutions designed to put up a comprehensive defense against ransomware threats. By reviewing your established security policies or creating new ones based on today’s threat environment, organizations can choose solutions that best meet their needs. Just a few solutions to consider:
Data protection: Classify and identify the data in your organization needing protection with encryption and needs-based access. Then control that data with digital rights management to follow and control it wherever it may travel.
Email security: Automatically protect inbound and outbound emails to reduce the risk of cyberattacks.
Employee awareness training: Ensure your users know what suspicious activity, including social engineering, looks like to help prevent costly data breaches. With security awareness training and an assessment of your security stance, you can better support established security policies.
Secure file transfer: The sheer volume of file transfers each day makes deploying a secure file transfer solution imperative. You can protect files while they are at rest and in motion with GoAnywhere MFT in place. User-friendly, secure, and automated MFT helps employees, partners, and customers move business critical data easily and without the need for special programming skills.
#5 Reflect, Test, and Identify to Help Deter Attack
If you’ve already been victimized by ransomware, take a thorough look at the paths to and in your network that were breached. Vulnerabilities can also be the result of having accounts on different systems and roles, and the access granted to different individuals or groups. Do those need to be reassessed? The number of interconnected relationships in just a small or mid-sized organization is staggering, and only one of them needs to be breached by a bad actor to wreak havoc. It’s complicated. It’s hard. It’s also worth the time and resources needed to put up a defense.
To identify where your network may be vulnerable, consider penetration testing. This technology tests your organization’s IT infrastructure security by safely trying to exploit any vulnerabilities. It can identify weak spots in operating systems, services and application flaws, improper configurations, or even risky end-user behavior. You can also implement an Identity and Access Management (IAM) solution to gain transparency as to who has access to your critical systems and whether passwords are being synced with other accounts.
#6 Back That Data Up Already
If you thought you could outsmart hackers by relying on your backup instead of paying up, think again. Ransomware can target that asset as well. For extra assurance, you’ll want to be sure your backups are on different networks or at a data recovery site.
Those hackers are smart and getting smarter. Layered security solutions offer the best line of defense of data throughout its lifecycle.
Secure, Managed File Transfer Helps Defend Against Ransomware
GoAnywhere MFT is one of those layers. GoAnywhere is a secure file transfer solution for the enterprise. Utilizing encryption, automated workflows, and dashboard-style ease, GoAnywhere helps organizations lock down a pivotal aspect of data security: file transfers in and out of the organization. With GoAnywhere in place, files are protected at rest and while in motion. See for yourself how you can incorporate secure file transfer into your ransomware defense strategy.