As organizations adopt new technology and expand their networks, they increase their risk of being the target of a cyberattack. This includes ransomware, which is a specific type of malware that holds data hostage in exchange for a ransom. In the case of a ransomware attack, the victim is prevented from using their computer or accessing their data unless they meet the attacker’s demands.
In the Q3 2019 Threat Landscape Report, FortiGuard Labs reported that at least two significant ransomware families – Sodinokibi and Nemty – had been deployed as RaaS (Ransomware-as-a-Service) solutions. As-a-service offerings, especially when combined with new evasion techniques and their ability to deliver increasingly sophisticated malware, have played a significant role in the uptick in attacks and network compromises.
The GandCrab ransomware reportedly earned more than $2 billion for its developers in less than two years. Much of the money was the result of their use of RaaS to distribute their malware. By establishing a network of affiliate partners, GandCrab’s authors were able to spread their ransomware widely and scale earnings dramatically by taking a slice of every attack.
With two more prevalent ransomware variants added to the RaaS sales model, ransomware continues to be a clear and present danger to enterprise organizations, and those organizations can expect a significant uptick in the volume and severity of attacks for the coming year. By using the RaaS model, the authors of malware such as Sodinokibi and Nemty are significantly lowering the bar for launching attacks, making ransomware even more accessible and profitable for a growing pool of bad actors.
Considering the damage ransomware can cause, organizations must take steps now to protect their networks and networked resources from this growing problem. Here are 15 steps that can, and should, be taken to protect against ransomware.
Patch and update your operating systems, devices, and software.
Use inventory tools and IOC lists to prioritize which assets are at the most risk.
Update your network IPS signatures and your device antivirus and anti-malware tools.
Back up your systems and store backups offline, along with any devices needed for network recovery.
Run recovery drills and pre-assign responsibilities so systems can be restored quickly in the event of a successful breach.
Update your email and web security gateways to check email attachments, websites, and files for malware.
Use a sandbox to execute and analyze new or unrecognized files in a safe environment.
Block advertisements and social media sites that have no business relevance.
Use zero trust network access that includes virus assessments so users can’t infect business-critical applications, data, or services.
Inspect and block bring-your-own-devices that do not meet security policies.
Use application whitelisting to prevent unauthorized applications from being downloaded or run.
Segment your network into security zones to prevent the spread of infection.
Use forensic analysis tools to identify where an infection came from and how long it has been in your environment, to ensure you have removed all of it from every device, and to ensure it doesn’t come back.
Plan around the weakest link in your security system – the people who use your devices and applications. Training is essential but must be augmented by technology. Proper tools, such as secure email gateways, can eliminate most if not all phishing emails and malicious attachments.
As cybercriminals grow the RaaS market with new ransomware variants to increase their earning potential, enterprises have to significantly step up their efforts to protect themselves. Bad actors are focusing their attacks to achieve maximum impact and profitability, often combining highly targeted attacks with increasingly stealthy and unexpected methods. Organizations that prepare now stand the greatest chance of withstanding this latest wave of malicious criminal activity.
Read more about the latest cybersecurity threat trends and the rapidly evolving threat landscape in our latest Quarterly Threat Landscape Report.