Fortinet Inc.

05/02/2021 | Press release | Distributed by Public on 05/03/2021 14:56

Protecting Against Evolving Ransomware Attack Trends

A Tough Decision to Make

When impacted by a ransomware attack, some organizations may find it easier to pay than have their IT team spend days trying to recover data, all while business operations remain at a standstill. But this is not always the case. To remind organizations of this fact, the U.S. Treasury warned that facilitating the payment of ransoms on behalf of cyber victims could result in legal consequences, as it sets a bad precedent for other cyber criminals. It should also be noted that paying a ransom does not guarantee that the threat will go away instantly. In some cases, the information that organizations worked so hard to protect had already been exposed and can cause additional long-term problems.

How to Prevent Ransomware Attacks

Attackers know that end-users are high-target, high-value assets. Ransomware leverages social engineering attacks, preying on fears as a way to execute malicious code on devices. With this in mind, cyber hygiene must start as a board-level conversation.

A top-down approach to creating a strong ransomware mitigation strategy includes:

  • Continuously providing employees updates on new social engineering attack methodologies so they know what to look out for.
  • Establishing a zero-trust access (ZTA) strategy that includes segmentation and micro-segmentation.
  • Regularly backing up data, storing it offline and off-network to ensure rapid recovery.
  • Encrypting all data inside the network to prevent exposure.
  • Regularly practicing response strategies to ensure all responsible parties know what to do in case of an attack, thereby reducing downtime.
  • Implementing a strong security posture that includes behavior-based endpoint security to automatically detect and defuse potential threats in real time, even on already infected hosts.
  • Patch, Patch, Patch. Out-of-Band, emergency, patches will happen. Organizations need to have a plan in place through change control processes to ensure they can respond to emergency patches.
  • Getting serious about cybersecurity training and awareness for employees as well as family and students. The home is the new branch today and a vector into the core network.

Prioritizing Collaboration to Stay Ahead of Ransomware Attack Trends

Another key factor to developing a strong security posture is working with all internal and external stakeholders, including law enforcement. More data ensures more effective responses. Because of this, cybersecurity professionals must openly partner with global or regional law enforcement, like US-CERT. Sharing intelligence with law enforcement and other global security organizations is the only way to effectively take down cybercrime groups. Simply defeating a single ransomware incident at one organization does not reduce the overall impact within an industry or peer group.

Cyber criminals have been known to target multiple companies, verticals, systems, networks, and software. In order to make attacks more difficult and resource-intensive for cyber criminals, public and private entities must collaborate by sharing threat information and attack data. Private-public partnerships also help victims recover their encrypted data, ultimately reducing the risks and costs associated with the attack.

When private and public entities work together, they also expand visibility. For example, a bank may suffer a ransomware attack but fail to share information responsibly with law enforcement. Law enforcement working with a credit card company also impacted by the same cybercrime group needs that information to understand the criminal organization's full scope. Cybercrime lacks borders. Actionable threat intelligence with global visibility helps both the private and public sectors shift from taking a reactive approach to being proactive.

Create Defensive Playbooks

Similarly, by developing and sharing playbooks, which offer a detailed view of cyber criminals' 'fingerprints,' organizations can enhance their response activities. Detailing how known cyber criminal groups work only enables defenders to become stronger and more strategic. Blue Team (defensive) playbooks provide defenders with winning strategies against present and future cyberattacks. And when paired with Artificial Intelligence (AI), security teams can leverage the playbooks to build an advanced, proactive protection framework, enabling them to respond to new threats in real-time. AI also gives them the tools necessary to evolve their methodologies at the same rate as cyber criminals so that they can create more refined and granular responses earlier in the attack cycle.

Knowledge Equals Power and Protection Against Ransomware Attack Trends

Modern ransomware attacks place data and lives at risk, meaning organizations must take a more proactive approach with real-time endpoint protection, detection and automated response solutions to secure their environments. From a technical standpoint, cyber hygiene, zero-trust policies, network segmentation, and encryption offer protections. Further, these strategies work best when organizations leverage asset visibility tools to identify their critical assets - once they know where the data resides, they can create a proactive protection strategy. Finally, the human element remains as important as technology. Building relationships with law enforcement to share information and threat intelligence is the final piece of the ransomware puzzle. The only way to defeat cyber criminals is to work together against them.

Learn more about FortiGuard Labs threat research and the FortiGuard Security Subscriptions and Services portfolio.

Learn more about Fortinet's free cybersecurity training initiative or about the Fortinet NSE Training program, Security Academy program, and Veterans program.