The Cost of RansomwareAs the frequency and cost of ransomware attacks continue to increase, it is important for organizations to invest in appropriate resources and security controls to mitigate the risk. By: Mike McLellan, Director of Intelligence, Counter Threat Unit Research Team
I recently had the opportunity to do a podcast on ransomware hosted by Enterprise Management 360 and moderated by Dr. Eric Cole of Secure Anchor Consulting. It gave me the opportunity to review the current state of ransomware and the measures we must all take to combat it.
Key points from the discussion:
- The cybercriminal ecosystem is evolving. The increase in ransomware attacks is fueled by the profitability of ransomware successes. This ecosystem includes ransomware developers selling their capabilities as a service, affiliates that specialize in operationalizing ransomware-as-a-service (RaaS) offerings, and facilitators that specialize in gaining access to target environments.
- Make the case for up-front investment. Effective defense against ransomware attacks requires investment. But you won’t get that essential funding unless you can make a compelling case to your executives. The conversation about defeating this threat should involve the whole business, and it should include clarity about the potentially enormous impact of insufficient preparation.
- Ransomware defense is about doing the fundamentals. Ransomware actors are driven by economic incentives. Put simply, they won’t waste their time on a difficult target when there are others available. You should focus ensuring your environment is not worth the trouble. At a minimum, implement fundamental security controls: keep internet-facing systems fully patched, utilize multi-factor authentication, maintain offline backups, and establish proper endpoint threat detection.
- Ransomware response resources are expanding. Support for organizations that are or could be victims of ransomware attacks has grown. Resources include cyber insurance providers, ransomware payment brokers, incident response specialists, lawyers, and PR crisis teams. The involvement of these groups is affecting the economics of ransomware for both attackers and victims.
- When prevention fails, be prepared to respond. Prevention may not be completely effective every time. If your defenses don’t stop an attack, you need to be able to detect the activity and respond appropriately. It is important to create and rehearse an incident response plan, establish in advance how you will communicate with your service providers and other third parties, and consider in principle your organization’s position on ransom payments. As part of the incident response, it’s critical that you investigate how the threat actors got into the network and plug those gaps going forward.
I also discussed the value of the Secureworks® Taegis™ XDR platform when defending against ransomware. By incorporating data from a range of different sources and applying our intelligence, we can detect attacks early and take corrective action to contain and remediate them. Speed is essential to isolate a threat actor before they are able to move within the environment and ultimately stage and deploy their ransomware.
You may want to share the podcast with executives in your organization who have the power to allocate resources toward your anti-ransomware efforts. It might provide the context they need to appreciate the importance of addressing this threat before ransomware actors strike.