The risk of a ransomware attack continues to increase at a frightening triple-digit annual growth rate. How bad is it? Bad, really bad. Businesses based in the U.S. face an 80% chance of an attack, compared to a 31% chance in EMEA and 9% in the Asia-Pacific region. As attackers grow more sophisticated and cybergangs form, it is important to understand what the attackers are going after and how to increase your ransomware resilience.
Ransomware Demand and Payment Trends
- In 2022, companies with $10 million in revenue or less had an average payout of $690,996 [1]
- Large enterprises (revenue of $5 billion plus) took a bigger hit, with an average $2,464,339 [2] ransom payout
- Recent ransom demands have been as high as $30 million with payouts that have exceeded $8 million
- Threat actors are increasingly focused on extortion techniques—often layering them on top of each other
- Harassment is another extortion tactic being used in more ransomware cases. Ransomware threat actor groups will target specific individuals in the organization, often in the C-suite, with threats and unwanted communications [3]
- Cybercriminals threatened to leak stolen data in about 70% of ransomware cases involving negotiation in late 2022 [4]
- The United States is still the most severely impacted, accounting for 42% of the observed leaks in 2022 [5]
- As of late 2022, threat actors engaged in data theft in about 70% of cases compared to 40% in mid-2021 [6]
Don’t Count on the Government for Help
A report from the Committee on Homeland Security and Governmental Affairs, “America’s Data Held Hostage: Case Studies in Ransomware Attacks on American Companies,” documents notable attacks on three U.S. companies from REvil – a Russian cybercrime ring. The report found the federal government's response to these incidents sorely lacking and "recalled there was no 'here's a playbook' discussions with the FBI regarding how to best respond." The document doesn't name the three companies, all of which reported the attacks to law enforcement, and instead refers to them as entities A, B, and C.
The Senate Committee recommends that companies take steps to make it more difficult and costly for ransomware gangs to breach their networks. This includes security basics like patching vulnerabilities, using multi-factor authentication, keeping device and software inventories, requiring employees to use complex passwords, maintaining offline backups, and encrypting sensitive data. It also calls on the FBI and the Cybersecurity & Infrastructure Security Agency (CISA) to work more closely to share information and do more to help ransomware victims recover their data and mitigate damages.
5 Ways to Increase Your Ransomware Resilience
As the bad actors continue to hone their tactics, it’s more important than ever to bolster your defenses and improve your ransomware resilience. Here are five ways to increase your resilience:
- Improve your data protection: it is your last line of defense
  - Implement a hardened data protection solution with a comprehensive ransomware detection & remediation tool kit
  - Security requirements include a hardened OS, immutable retention-locked snapshots, encryption, MFA, RBAC, etc.
  - Ransomware capabilities include: immutable & retention-locked snapshots, rapid & granular detection of compromised data, sensitive data inspection, an established “last known good” to prevent reinfection, and rapid recovery orchestration
- Establish an employee training regimen
  - There are many solutions available to both train your employees and assess their knowledge of the threat landscape and best practices. It cannot be overstated how critically important employee training and awareness are.
- Implement a robust security posture that includes:
  - Regular OS patching for all devices within your network
  - Up-to-date antivirus and anti-malware software on all devices
  - Robust email security including spam filtering, phishing detection & prevention, link inspection, etc.
- Establish Zero Trust practices for critical resources
  - Use the principle of least privilege to limit user access to only the resources and data required for their job responsibilities
  - To improve security, require strong, unique passwords for all accounts and consider multi-factor authentication (MFA) for critical services
  - Monitor user accounts and revoke access for terminated or inactive personnel
- Develop an Incident Response plan
  - Identify an incident response provider and put them on retainer to streamline engagement when needed
  - Establish a dedicated incident response team with defined roles and responsibilities as well as a robust incident response plan
  - Perform recurring ransomware recovery roundtable exercises with key stakeholders including executive, IT and LoB resources
You’ve Been Attacked – Now What?
Clearly time is of the essence once the ransom demand has been made. Expert and immediate help is critical. Our partner, Palo Alto’s Unit 42 elite threat intelligence team of cybersecurity experts, brings together threat researchers, incident responders and security consultants to create an intelligence-driven, response-ready organization. Unit 42 advisors can provide you with the hotline needed to negotiate next steps and guide you before, during and after an incident with an intelligence-driven approach.
How Daymark Can Help
Daymark’s team of senior consultants can help your business approach the threat of ransomware pragmatically, across many facets of your environment. Our industry knowledge from data center to cloud, coupled with strategic partnerships like Palo Alto, can help ensure that your business is taking the appropriate precautions and employing the most useful technology to protect and recover the data most important to you.
Contact us if you have questions or would like to take the next steps for ransomware recovery advance planning.
1-2 https://www.scmagazine.com/resource/key-findings-the-state-of-ransomware-2023-report