
Information Technology Navigator

Tips, Advice & Insights from Technology Pros

Increase Your Ransomware Resilience

Posted by Sean Gilbride

Thu, Nov 10, 2022


The risk of a ransomware attack continues to increase at a frightening triple-digit annual growth rate. How bad is it? Bad, really bad. Businesses based in the U.S. face a 60% chance of an attack, compared to a 31% chance in EMEA and 9% in the Asia-Pacific region. As attackers grow more sophisticated and cybergangs form, it is important to understand what the attackers are going after and how to increase your ransomware resilience.

Ransomware Demand and Payment Trends

  • The average ransom demand hit $2.2 million in 2021, a 144% increase from the previous year, while the average ransom payment grew 78% to $541,010.
  • Recent ransom demands have been as high as $30 million with payouts that have exceeded $8 million.
  • Double extortion is on the rise. This is where cybercriminals not only encrypt files and demand that victims pay a ransom to regain access to those documents, but also steal the data to leak publicly if the money isn't paid.
  • Ransomware-as-a-Service is helping drive an increase in unskilled threat actors.

Don’t Count on the Government for Help 

A report from the Committee on Homeland Security and Governmental Affairs, “America’s Data Held Hostage: Case Studies in Ransomware Attacks on American Companies,” documents notable attacks on three U.S. companies by REvil, a Russian cybercrime ring. The report found the federal government's response to these incidents sorely lacking and “recalled there was no ‘here's a playbook’ discussions with the FBI regarding how to best respond.” The document doesn't name the three companies, all of which reported the attacks to law enforcement, and instead refers to them as entities A, B, and C.

The Senate Committee recommends that companies take steps to make it more difficult and costly for ransomware gangs to breach their networks. This includes security basics like patching vulnerabilities, using multi-factor authentication, keeping device and software inventories, requiring employees to use complex passwords, maintaining offline backups, and encrypting sensitive data. It also calls on the FBI and the Cybersecurity & Infrastructure Security Agency (CISA) to work more closely to share information and do more to help ransomware victims recover their data and mitigate damages.

How to Improve Your Security Posture -- Start with These 6 Steps

  • Disable any direct external RDP access: ensure all external remote administration is conducted through an enterprise-grade MFA VPN.
  • Patch internet-exposed systems as quickly as possible (given best practices for testing and responsible deployment) to prevent vulnerability exploitation.
  • Implement MFA as a technical control and security policy for all users.
  • Require that all payment verification takes place outside of email to ensure a multi-step verification process.
  • Consider a credential breach detection service and/or attack surface management solution to help track vulnerable systems and potential breaches.
  • Conduct phishing prevention and recurring employee and contractor security training.     
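
A check for the first step above, as an added example that is not part of the original post: it audits an exported list of inbound firewall or security-group rules and flags any allow rule that lets a source outside the VPN range reach RDP (port 3389). The rule format, the rule names and the `10.8.0.0/16` VPN range are constructed assumptions for illustration.

```python
import ipaddress

RDP_PORT = 3389
# Assumption: address range handed out by the MFA-protected VPN.
VPN_CIDRS = [ipaddress.ip_network("10.8.0.0/16")]

# Constructed sample rules (not from any real environment).
SAMPLE_RULES = [
    {"name": "web-https", "proto": "tcp", "ports": "443", "source": "0.0.0.0/0", "action": "allow"},
    {"name": "legacy-rdp", "proto": "tcp", "ports": "3389", "source": "0.0.0.0/0", "action": "allow"},
    {"name": "admin-range", "proto": "tcp", "ports": "3000-4000", "source": "203.0.113.0/24", "action": "allow"},
    {"name": "rdp-via-vpn", "proto": "tcp", "ports": "3389", "source": "10.8.4.0/24", "action": "allow"},
    {"name": "rdp-v6", "proto": "any", "ports": "any", "source": "::/0", "action": "allow"},
    {"name": "rdp-deny", "proto": "tcp", "ports": "3389", "source": "0.0.0.0/0", "action": "deny"},
]

def covers_rdp(ports):
    """True if a port spec ('3389', '3000-4000', '80,3389', 'any') includes 3389."""
    if ports == "any":
        return True
    for part in ports.split(","):
        lo, _, hi = part.strip().partition("-")
        if int(lo) <= RDP_PORT <= int(hi or lo):
            return True
    return False

def from_vpn_only(source):
    """True if the rule's source network lies entirely inside a VPN range."""
    net = ipaddress.ip_network(source, strict=False)
    return any(net.version == v.version and net.subnet_of(v) for v in VPN_CIDRS)

def exposed_rdp_rules(rules):
    """Return names of allow rules that let non-VPN sources reach port 3389."""
    findings = []
    for r in rules:
        # RDP listens on TCP 3389 and can also use UDP 3389.
        if r["action"] != "allow" or r["proto"] not in ("tcp", "udp", "any"):
            continue
        if covers_rdp(r["ports"]) and not from_vpn_only(r["source"]):
            findings.append(r["name"])
    return findings

if __name__ == "__main__":
    for name in exposed_rdp_rules(SAMPLE_RULES):
        print(f"direct RDP exposure: {name}")
```

Wide port ranges and "any/any" rules are flagged as well, since they expose 3389 even when no rule mentions RDP by name.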

10 Ways to Increase Your Ransomware Resilience

As the bad actors continue to hone their tactics, it’s more important than ever to bolster your defenses and improve your ransomware resilience. Here are 10 ways to increase your resilience:

  1. Stay up-to-date on the evolving threat landscape
  2. Understand the business impact of losing critical data and communicate it to executive management
  3. Assess your internal and external readiness
  4. Review and test your incident response plan
  5. Implement a Zero Trust approach to secure
  6. Identify and shut down access to your exposed assets
  7. Prevent known and unknown threats
  8. Automate where possible
  9. Secure cloud workloads
  10. Reduce response time with incident response retainers

You’ve Been Attacked – Now What?

Clearly, time is of the essence once the ransom demand has been made. Expert and immediate help is critical. Our partner, Palo Alto’s Unit 42, can provide you with the hotline needed to negotiate next steps. Their world-renowned incident response team and security consulting experts will guide you before, during and after an incident with an intelligence-driven approach.

How Daymark Can Help

Daymark’s team of senior consultants can help your business approach the threat of ransomware pragmatically, across many facets of your environment. Our industry knowledge from data center to cloud, coupled with strategic partnerships like Palo Alto, can help ensure that your business is taking the appropriate precautions and employing the most useful technology to protect and recover the data most important to you.

Contact us if you have questions or would like to take the next steps for ransomware recovery advance planning.