5 Ransomware Protection Strategies for 2023

If the growth of ransomware attacks in 2022 indicates what the future holds, security teams everywhere should expect to see this attack vector become even more popular in 2023. In just the first half of 2022, the number of new ransomware variants increased by nearly 100% compared to the previous six-month period. Our security partner Fortinet’s FortiGuard Labs team documented 10,666 new ransomware variants in 1H 2022 compared to just 5,400 in 2H 2021.

What is Ransomware?

Ransomware is malware that holds data hostage in exchange for a ransom. It threatens to publish, block, or corrupt data—or to prevent a user from working on or accessing their computer—unless the attacker’s demands are met. Today, ransomware is often delivered through phishing emails: the malicious attachment infects the user’s computer once it is opened. Ransomware can also spread through drive-by downloads, which occur when a user visits a compromised website and the malware hosted there is downloaded and installed without the user noticing.

What is Ransomware Mitigation?

Attempted attacks and data breaches are inevitable, and no organization wants to be forced to decide between paying a ransom and losing important data. Fortunately, those aren’t the only two options. The best path forward is to take appropriate steps to safeguard your networks, which will lessen the chances your enterprise will be hit with ransomware. This approach requires a layered security model that combines network, endpoint, edge, application, and data-center controls, as well as updated threat intelligence. 

In addition to implementing the right security tools and processes, don’t forget the role cybersecurity education plays in your mitigation strategy. Teaching employees how to spot a ransomware attack—and educating them about strong cyber hygiene practices in general—is a great defense against clever attackers.

5 Ransomware Best Practices

Effective ransomware detection requires a combination of education and technology. Here are some of the best ways to detect and prevent today’s ransomware attacks as they continue to evolve:

  1. Educate your employees about the hallmarks of ransomware: Security awareness training for today’s workforce is a must and will help organizations guard against an ever-evolving array of threats. Teach employees how to spot signs of ransomware, such as emails designed to look like they are from authentic businesses, suspicious external links, and questionable file attachments.
  2. Use deception to lure (and halt) attackers: A honeypot is a decoy consisting of fake repositories of files designed to look like attractive targets for attackers. Because no legitimate user or process has any reason to touch these files, you can detect and stop the attack as soon as ransomware goes after your honeypot. Not only does cyber deception technology like this turn ransomware’s own techniques and tactics against it to trigger detection, but it also uncovers the attacker’s tactics, techniques, and procedures (TTPs) that led to the successful foothold in the network, so your team can identify and close those security gaps.
  3. Monitor your network and endpoints: By conducting ongoing network monitoring, you can log incoming and outgoing traffic, scan files for evidence of attack (such as unexpected or failed modifications), establish a baseline for acceptable user activity, and then investigate anything that deviates from it. Deploying antivirus and anti-ransomware tools is also helpful, as you can use these technologies to whitelist acceptable sites. Lastly, adding behavioral-based detections to your security toolbox is essential, particularly as organizations’ attack surfaces expand and attackers continue to up the ante with new, more complex attacks.
  4. Look outside your organization: Consider taking an outside-the-network view of the risks posed to the organization. As an extension of your security architecture, a digital risk protection (DRP) service can help an organization see and mitigate three additional areas of risk: digital asset risks, brand-related risks, and underground and imminent threats.
  5. Augment your team with SOC-as-a-service if needed: The current intensity we see across the threat landscape, both in velocity and sophistication, means we all need to work harder to stay on top of our game. But that only gets us so far. Working smarter means outsourcing specific tasks, like incident response and threat hunting. This is why relying on a Managed Detection and Response (MDR) provider or a SOC-as-a-service offering is helpful. Augmenting your team in this way can help to eliminate noise and free up your analysts to focus on their most important tasks. 
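A small canary-file check that puts items 2 and 3 above into practice: decoy files are planted, a hash baseline is recorded, and any later change is reported, with a byte-entropy heuristic to separate encryption from an ordinary edit. This is an added example and not code from the original post or from TCS or Fortinet; the decoy file names, the 7.5 bits/byte threshold and the tampering scenario in `demo()` are constructed assumptions.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: encrypted or compressed content sits near 8.0, plain text far lower."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def snapshot(decoy_dir: Path) -> dict[str, str]:
    """Record a SHA-256 digest per decoy file so any later change stands out."""
    return {p.name: hashlib.sha256(p.read_bytes()).hexdigest()
            for p in decoy_dir.iterdir() if p.is_file()}

def check_decoys(decoy_dir: Path, baseline: dict[str, str],
                 entropy_threshold: float = 7.5) -> list[str]:
    """One alert per decoy that was deleted/renamed or rewritten; nothing legitimate touches decoys."""
    alerts = []
    current = {p.name: p for p in decoy_dir.iterdir() if p.is_file()}
    for name, digest in baseline.items():
        if name not in current:
            alerts.append(f"MISSING {name}: decoy deleted or renamed")
            continue
        data = current[name].read_bytes()
        if hashlib.sha256(data).hexdigest() != digest:
            # High entropy in the new content suggests encryption rather than a plain edit
            ent = shannon_entropy(data)
            kind = "ENCRYPTED?" if ent > entropy_threshold else "MODIFIED"
            alerts.append(f"{kind} {name}: entropy={ent:.2f} bits/byte")
    for name in current.keys() - baseline.keys():
        alerts.append(f"NEW {name}: unexpected file in decoy directory")
    return alerts

def demo() -> list[str]:
    """Constructed scenario (assumption): plant two decoys, mimic what a ransomware run leaves behind, re-check."""
    tmp = Path(tempfile.mkdtemp()) / "decoys"
    tmp.mkdir()
    (tmp / "Q3_payroll.xlsx").write_bytes(b"name,salary\nalice,1000\n" * 40)
    (tmp / "passwords_backup.txt").write_bytes(b"do not open\n" * 50)
    baseline = snapshot(tmp)
    # Simulated aftermath: one decoy overwritten with random bytes, the other renamed
    (tmp / "Q3_payroll.xlsx").write_bytes(os.urandom(8192))
    (tmp / "passwords_backup.txt").rename(tmp / "passwords_backup.txt.locked")
    return check_decoys(tmp, baseline)
```

In production the check would run from a file-system watcher rather than on demand, and a hit on a decoy should page the SOC and trigger host isolation, since the decoy itself carries nothing worth recovering.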

Get in touch with one of our technology experts to learn how TCS can design and implement an advanced security solution for your business.