Caution! Ransomware Crisis Is Not Going Away. Here’s How to Act on It

It’s no secret that ransomware is the number one threat businesses face today. And it’s no longer hobbyist hackers who’re crippling networks, ransomware is now a diversified “business,” writes Steve Grewal, a veteran C-level executive and current Cohesity Federal CTO.  Here, Grewal, a well-known tech leader explains what the average organization can do to protect itself against ransomware attacks and why modern backup and data management are the best tools to have.

Technology rarely stands still and, as reported in the Crowdstrike Global Threat Report Opens a new window 2020, the last twelve months have been a very busy time for ransomware gangs. Not only are “ransom demands growing larger and tactics becoming more cutthroat” the criminals involved are finding new ways of breaching corporate defenses, while the attacks themselves are becoming a lot more sophisticated and targeted in nature.

Defending against this ever-moving threat is no mean task but a good starting point is an understanding of where the weak points are and how they are being exploited. These can be summarized down to three points.

1. Human Fallibility is Still the Weakest Link

All it takes is one click on an unscreened phishing link and – job done – the network defenses are breached and the malware is in!

Hardening those defenses against human fallibility calls for a mix of awareness training plus tools to filter out malicious content before it can cause harm. However, it’s far from a precise science and even the best laid plans need to be kept under review and continuously adapted to cope with the furious rate at which ransomware is evolving.

Take the massive rise in home working during the pandemic, for example, giving hackers a whole new and very naïve audience, unfamiliar with protecting themselves from threats. According to security vendor Kaspersky, that led to Microsoft RDP (Remote Desktop Protocol) attacks soaring globally in the wake of coronavirus lockdown.

Learn More: CSOs: Ransomware Is the Biggest Threat in 2020, Get Your Security Act Together

2. They Know Where You Live

Hackers are waking up to the fact that different industries present their own unique vulnerabilities. Something they are now exploiting by moving away from scattergun phishing expeditions towards more targeted attacks. Some, for example, will focus on individual businesses, typically, high profile organizations with the most to lose, while others, target a particular sector using malware tailored to the IT used by that industry.

Or both, as in the recent Honda attackOpens a new window which is widely thought to have involved a variant of so-called Snake ransomware able to disable backup measures and target SCADA industrial control systems used in vehicle manufacturing.

3. Pressure is the Perfect Driver

Ransomware is becoming a much more diversified “business”. As well as being locked out of critical data, for example, victims are now threatened with the release of sensitive data harvested during the encryption attack. Either simultaneously or as a follow-up demand.

There is also growing evidence of ransomware routinely targeting backup and disaster recovery systems as well as live data. Or at least appearing to do so, because it takes time to verify the integrity of these last-ditch defenses.

Learn More: What Is Ransomware Attack?

Keeping Pace with Ransomware 

This begs the question: what can the average organization do to protect itself against what is quickly becoming the number one threat to its core IT systems?

There are no easy answers or simple tools that will do it all for you. Moreover, it’s mostly baby steps rather than big leaps. Ramping up end-user awareness and training, for example, updating anti-malware tools and making sure backup strategies and tools are robust enough to cope with ransomware threats. 

All are worthy of review but, as the last line of defense, it’s backup that’s the most important. Especially given the widespread use of NAS (Network Attached Storage) appliances to support backup and archiving which, by their very nature, are an easy target.

It’s the “network-attached” bit that puts NAS appliances most at risk, making them easy to identify and, once found, easy to attack. Often without anyone knowing until the ransom demands hit the inbox.

The first line of defense is to lock down the network to which NAS appliances are attached while, at the same time, ensuring that NAS firmware is up to date with all the latest security patches applied. Beyond that, it’s worth taking advantage of two-factor authentication, where available, and the use of SSL to better secure remote access if used.

Other features worth looking for include automatic blocking of IP addresses following repeated failed ‘brute force’ login attacks plus the use of onboard data encryption and NAS-specific firewalls.

A belt and braces approach is the most secure, which means taking frequent and regular backups of NAS storage and storing those copies remotely (preferably off-site) and unconnected to the network. This is the only way of ensuring there’s a clean, restorable version of your data that’s not too old to be of use. Bear in mind, however, that this should be combined with regular integrity checks and malware scans to ensure data being copied hasn’t been compromised already.

How to Deal With Ransomware Crisis

But can the ransomware tide ever be turned? Possibly, but something equally menacing is bound to follow. Hence why many enterprises are looking at object storage, versioning and immutable file systems, with Gartner predicting that by 2021, 80% of enterprise data will be in scale-out storage based on these technologies.

We may not see the immediate end of the ransomware scourge but this should bring the light at the end of the tunnel a little closer.

Let us know if you liked this article or tell us on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!