Implement a Multi-Layered Ransomware Defense Strategy
Ransomware—nearly every day we learn about another major attack on companies such as JBS, Kaseya, and Quanta, a key supplier to Apple.
Along with the increase in attacks, recent reports have shown the average ransomware recovery cost skyrocketed to $1.85 million this year. And, as companies have become more willing to accept attackers’ ransom demands to restore their mission-critical operations, the average ransomware payment has jumped to more than $170,000.
It's clear that businesses need to do more to protect their sensitive data from criminals, and one of the best ways to do that is with a multi-layered ransomware defense strategy.
Ransomware Attacks Proliferate
In order to combat this growing problem, we need to first understand how ransomware works. Similar to an infectious disease, malware such as ransomware wreaks the most havoc when it spreads quickly. So, the best way for hackers to succeed is by targeting vulnerable businesses and uninformed end users. Amazingly, most ransomware transmission occurs via traditional attack vectors that haven’t changed significantly over the years, including phishing emails and visits to infected websites.
Upon infection, users are generally presented with a pop-up notification, informing them that their files have been encrypted and that payment needs to be made immediately. When an encrypted file from an infected user’s account syncs to the cloud and to other company devices, productivity can grind to a halt. Without a multi-layered ransomware defense strategy in place, the quickest way for many businesses to regain access to their files may be to concede to the attackers’ demands and pay the ransom.
However, attacks produce a ripple effect that extends well beyond the initial cost of a decryption key. Businesses may be forced to conduct event impact analyses, disinfect machines, and manually restore backup data. This can take weeks depending on the size and complexity of the organization’s data environment. During the recovery period, attackers often attempt to exploit additional vulnerabilities in the company’s infrastructure, particularly if the company has a track record of making ransom payments.
Ransomware’s Evolution
Even with effective security measures in place, attacks are getting harder and harder to avoid. In fact, Anne Neuberger, U.S. deputy national security advisor for cyber and emerging technology, shared the following advice in a June 2021 White House memo:
“All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location.”
In certain cases, attackers have adjusted the speed of the encryption process, making their malware less predictable. This can keep infection volume below the threshold of traditional detection software. Randomizing the file overwriting process and making ransomware “dormant” for a defined time period can also make ransomware harder to detect.
In addition to altering encryption methods, ransomware developers are shifting their delivery tactics. Since organizations have gotten better at educating employees to question suspicious email links, hackers have turned to using file attachments instead. Disguised as common file types (.doc, .pdf, .xls, or JPEG files), such attachments can initiate ransomware scripts when opened.
Understand the Importance of Defense in Depth
Conventional security solutions can reduce the likelihood of a full-blown ransomware infection, but attackers know the deficiencies of commonplace defenses such as antivirus software, firewalls, secure email and web gateways, and intrusion prevention systems (IPS). This permits attackers to adjust their strategies accordingly.
You can establish a solid backup plan, train employees to be vigilant, and keep security software up to date, but ransomware can mutate rapidly into new variants, making it increasingly difficult to pinpoint with traditional signature-based approaches. It’s best to incorporate multiple layers of defense into your data protection, including anomaly detection, account blocking, and version control measures.
Bolster Your Ransomware Protection
These practical recommendations supplement your defense-in-depth strategy and help prevent ransomware infections:
- Always utilize Multi-Factor Authentication (MFA).
- Provide security awareness training to all employees, when they’re hired and on a regular basis thereafter.
- Restrict users’ file access based on their “business need to know.”
- Implement software patches immediately, and only do business with proven vendors.
- Evaluate ransomware detection technology.
Advancing Data Protection
Designed to combat ransomware from the ground up, Egnyte delivers three core defenses to help stay ahead of malware:
Early detection
In the event that ransomware makes it past your organization’s security perimeter, Egnyte utilizes machine learning algorithms to detect and alert for unusual behavior. It will also monitor for anomalies such as inconsistent file types. Our solution spots evidence of an infection by identifying file extensions that have changed or contain known ransomware signatures, as well as the potential presence of “ransom notes.”
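The indicators named above (changed file extensions and ransom notes), together with the throttled encryption described earlier, can be illustrated with a small detection pass over file-audit events. This is an added example, not Egnyte's code; the event format, indicator lists, and threshold are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PurePosixPath

# Assumed indicator lists (constructed for this example, not a vendor feed).
SUSPECT_EXTENSIONS = {".locked", ".encrypted", ".crypt"}
RANSOM_NOTE_RE = re.compile(
    r"(decrypt|recover|restore).*(files|data)|readme.*(decrypt|locked)", re.I)

# Constructed audit events: (epoch_seconds, user, action, path, new_path)
SAMPLE_EVENTS = [
    (1000, "alice", "rename", "/fin/q1.xlsx", "/fin/q1-final.xlsx"),
    (1000, "bob", "rename", "/hr/plan.docx", "/hr/plan.docx.locked"),
    (4600, "bob", "rename", "/hr/roster.pdf", "/hr/roster.pdf.locked"),
    (8200, "bob", "create", "/hr/HOW_TO_DECRYPT_FILES.txt", None),
    (11800, "bob", "rename", "/hr/pay.xls", "/hr/pay.xls.locked"),
    (12000, "carol", "create", "/eng/README.md", None),
]

def indicator(action, path, new_path):
    """Return the indicator name for one event, or None if it looks benign."""
    if action == "rename" and new_path:
        old_ext = PurePosixPath(path).suffix.lower()
        new_ext = PurePosixPath(new_path).suffix.lower()
        if new_ext != old_ext and new_ext in SUSPECT_EXTENSIONS:
            return "extension_changed"
    if action == "create" and RANSOM_NOTE_RE.search(PurePosixPath(path).name):
        return "ransom_note"
    return None

def accounts_to_block(events, threshold=3):
    """Flag users whose cumulative indicator count reaches the threshold.

    Counting is cumulative rather than per-minute, so encryption throttled
    to one file an hour still accumulates toward the threshold.
    """
    hits = defaultdict(list)
    for ts, user, action, path, new_path in sorted(events, key=lambda e: e[0]):
        name = indicator(action, path, new_path)
        if name:
            hits[user].append((ts, name, new_path or path))
    return {user: found for user, found in hits.items() if len(found) >= threshold}

if __name__ == "__main__":
    for user, found in accounts_to_block(SAMPLE_EVENTS).items():
        print(user, "->", [name for _, name, _ in found])
```

In the constructed sample, the flagged account's events are an hour apart, which a files-per-minute threshold would miss.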
Better protection
If irregularities are found, we quickly alert your administrator and enable them to block all affected user accounts, helping to contain ransomware before it spreads. We identify every encrypted file and trace the infection back to its source. Egnyte provides peace of mind for end users and admins by containing the damage and helping to minimize data loss.
Quick recovery
We don’t rely on external backup services because disaster recovery is built into our content architecture. Instead, we provide frequent file snapshots as changes are made, so it’s easy to restore to the latest clean version of your files without compromising sensitive company data. Our platform combats ransomware on a granular level, so none of your valuable data is lost and business can continue with minimal downtime.