hamburger

BitDam Blog

Roy Rashti
Roy Rashti
6 minutes & 24 seconds read · August 21, 2019

5 Ways to Prevent Ransomware Attacks on Your Enterprise

The notorious WannaCry outbreak that affected over 200,000 endpoints across 150 countries in 2017 was the first time that a ransomware attack made international news. But it wasn’t the last.

Ransomware attacks have increased by over 97% over the past two years alone. New, sophisticated strains of ransomware are released on an ongoing basis.

With the number of new variants increasing by 46% this year, it is safe to say that ransomware attacks are not going to slow down any time soon.

Types of Ransomware

Ransomware remains to be a top threat for enterprise security. The 2019 Verizon Data Breach Investigations Report (DBIR) ranked ransomware as one of the most prevalent threats of last year with over 24% of malware exhibing ransomware functionality.

Just like any other form of malicious software, ransomware comes in many shapes and sizes.

  1. Crypto malware: The most popular form of ransomware that encrypts the victim’s data and requires a ransom payment to release the decryption key. WannaCry is an example of this ransomware type.
  2. Crypto Lockers: This type of ransomware works by infecting an endpoint at the operating system level to completely lock the victim out, making it impossible to access any of the files or applications on an infected machine.
  3. Scareware: Software that relies on scare tactics to trick users into payment by pretending to be a legitimate antivirus tool.
  4. Doxware: Commonly referred to as leakware, this is a ransomware version of blackmail that threatens to publish private information online if the victims don’t pay up. Many users panic and pay the ransom when they suspect that their files have been hijacked.
  5. RaaS: Otherwise known as “Ransomware as a Service,” RaaS is subscription-based model. Under this service, cyber criminals provide a full-service malicious kit capable of launching a ransomware attack to novice hackers in exchange for a fee. RaaS packages are widely available on the dark web and on hacker forums.

The Main Effects Ransom Attacks Can Have on your Enterprise

The severity of ransomware attacks differ, however these attacks can have wide-ranging and devastating effects, such as:

 

  • Lost or damaged data: Since data is a key enterprise asset, data loss can have wide-reaching effects; from temporary disruption to permanent business failure. Only 26% of US companies that paid ransomware attackers had their files unlocked, so biting the bullet and paying the ransom is not advised.
  • Downtime: Downtime affects businesses regardless of sector or size, but the cost of restricted system access can be especially severe for an enterprise. According to an IHS study, outages cost enterprises $700 billion a year. With 34% of businesses hit with malware taking over a week to resume operations, downtime caused by ransomware can result in millions of dollars in lost revenue as well as a decrease in consumer trust.
  • Financial loss: According to Sentinel One, the average estimated business cost of a ransomware attack (including ransom, work-loss, and time spent responding) is over $900,000. To add insult to injury, in the aftermath of an attack enterprises are often forced to pay hefty fees for forensic consultants and lawyers to ensure that their networks are now secure and claims against the organization for the loss of private data are properly handled.
  • Reputation: Cyber attacks can severely damage your business’ reputation. And let’s face it, in business, reputation is everything. If your business suffers from a ransomware attack and your customers feel the effects of downtime, or if you lose your customers’ data as a result, your organization is unlikely to escape unscathed.

Preventing Ransomware Attacks

Here are our five tips to prevent ransomware attacks:

1. Have a Backup and Recovery Plan

The importance of regular backups for organizations of all sizes cannot be overestimated, and when it comes to ransom attacks, backups are still the best remedy. With the exponential increase in enterprise data volumes, losing valuable data can easily end up costing millions of dollars in damage. For that reason, enterprise-grade backup and recovery solutions powered by Artificial Intelligence (AI) are becoming increasingly popular, as they help security teams to identify cyberattacks, predict system failure, and automate backup and recovery processes.

An alarming 73% of businesses are not ready to respond to a cyberattack. While backups won’t stop ransomware attacks from happening, they will make the aftermath significantly less painful for your organization. However, the major drawback is that having backups still won’t help you to completely avoid downtime and some data loss is inevitable.

2. Timely Patching and Updates

Patching has become something of a truism in cybersecurity. And yet, about 3/4 of organizations still dedicate inadequate resources to updating their systems, significantly increasing ransomware risk. To prevent content-borne attacks, such as ransomware, make sure that all your enterprise apps, including email software, are patched and updated frequently.

Crucially, keep your entire IT stack up to date. Timely updates and regular patching can significantly lessen the possibility of ransomware wreaking havoc on your data.

Running old software which is no longer supported by vendors means there are no longer patches available. Despite the fact that we should know better, a tremendous number of enterprise endpoints still runs on outdated OS versions, such as Windows 7, Windows 2008 and Windows Mobile. These systems are vulnerable, particularly because they can’t be patched against critical vulnerabilities. And that is one of the reasons why the WannaCry outbreak is still with us; research estimates that 145,000 devices worldwide continue to be infected.

3. Train your Employees

No one is immune to a well-executed social engineering attack. But training your employees to recognize schemes such as phishing emails and fake websites that are filled with malware links, is an important piece of the puzzle in preventing ransomware attacks from succeeding.

As threat actors constantly update their tactics and find new and innovative ways to trick even the savviest of users into clicking on malicious links to initiate content-borne attacks, it is important to stay up to date on the latest developments in the field.

4. Install Threat Detection Tools

Implementing a threat detection tool can significantly decrease the chances of ransom attacks. Ransomware attacks don’t happen in an instant; once threat actors infiltrate an organization, they move laterally through the network or lay in wait and collect data until they are ready to strike. Detecting threats early, preferably before they reached the end-point, can save a lot of headaches down the road.

Enterprise-grade threat detection tools ensure that your security posture is proactive rather than reactive in protecting your networks. In addition, advanced threat protection technology doesn’t rely on trends or past attacks to detect them but identifies attacks as they continue to evolve.

5. Use Email Security Tools

Phishing remains to be the main ransomware delivery method, with nearly 60% of these attacks still delivered through email and content-borne attacks. Enterprise ransomware protection is unthinkable without a sophisticated email security tool that is up to the task.

It is important to monitor all emails for content-borne attacks with an advanced security tool, but you should still be wary of any email attachments, especially those that require the user to enable macros.

It is estimated that 2-4% of all emails contain some type of malware, so even with the best security tools in place, it is important to stay vigilant. Spam email campaigns and social engineering through email remain a common method for attackers to use. Do not click on unfamiliar links and emails that might contain malicious links and attachments.

Ransomware is Here to Stay

Ransomware is not going anywhere. If anything, it becomes smarter and more devastating as time goes by. The overall cost can be huge; for example, the cost of the ransomware attack on Norsk Hydro has reached $75m (and counting.)

Faced with an evolving threat landscape, businesses need an updated approach instead of doing more of the same.