Cybercrime is now a major risk for every business. Indeed, some consultancies and business insurance providers now rank this as the number one threat to a firm's long-term security, ahead of issues such as economic downturns, supply chain risks and climate change.
One of the biggest trends within this sector is ransomware. This type of malware has boomed in popularity in recent years, as it offers criminals a relatively inexpensive option coupled with the potential for significant financial rewards.
Research from Sophos found that two-thirds of businesses (66%) were hit by a ransomware attack in 2021, up from just 37% the previous year. Meanwhile, a joint advisory from cybersecurity organizations around the world, including the FBI and NSA in the US and the UK's National Cyber Security Centre, warned in 2021 of an increase in "sophisticated, high-impact ransomware incidents against critical infrastructure organizations globally".
Therefore, tackling this problem needs to be high on the agenda of every cybersecurity specialist.
4 common types of ransomware you need to be aware of
The first step must be to understand exactly what ransomware looks like. There are actually several different types of attack that fall under this heading. While the general idea is the same - to disrupt a company's operations in some way then demand money in exchange for restoring data or services - there are a few key differences that could affect how attacks are carried out and how businesses should respond.
1. Crypto ransomware
Perhaps the most familiar form of ransomware, this tactic involves gaining access to a system and then encrypting critical files such as business spreadsheets, databases or other documents to make them inaccessible. This makes it impossible for a firm to do business unless they pay the hackers for the decryption key.
2. Locker ransomware
This works in a similar way to crypto ransomware, but instead of encrypting user documents, it targets key system elements that can lock a user out of their device altogether. This can be even more disruptive as it means individuals can't simply switch to backup files - although the good news is that it does leave key business data intact.
3. Scareware
A variation on a more traditional scam, this involves malware claiming to have detected a virus on a system, then tricking users into downloading a fake 'antivirus' program to get rid of it. This can use other elements of ransomware, such as locking certain files, to help convince users, and it can earn scammers money directly for the fake fix, but its main goal is often to gain access for more complex, and more dangerous, malware.
4. Double extortion ransomware
A particularly fast-growing threat, these schemes - sometimes called double extortion malware - not only encrypt your files, but also steal them. Then, the criminals threaten to release them publicly unless they receive another payment. This aims to defeat common ransomware mitigation tactics such as turning to backups, as companies will be worried about the reputational and business impact of having company secrets or user data exposed.
Some of the world's biggest brands have been targeted by these techniques recently, including Apple, which was subject to a $50 million demand to prevent the release of new MacBook engineering data that was stolen from a supplier.
7 best practices to prevent ransomware attacks
Ransomware attacks can be very difficult to mitigate once they've occurred, so the best form of defense is to block them before they have a chance to happen. To achieve this, it's important to follow a few key best practices.
Many of these defenses will be familiar to anyone working on general antimalware efforts, as the main goal remains to prevent the malware from making it into your network in the first place. However, there are a few steps that are particularly applicable to ransomware, given its main goal of accessing and modifying key files.
1. Focus on your email defenses
Most malware - 75% according to HP - still enters networks via email, so focusing on this channel is essential. Effective firewalls and intrusion detection and prevention systems are a must here, as are smart filtering tools that can spot phishing attempts that use social engineering, such as scareware, to get users to click on malicious links or download infected files.
2. Use multi-factor authentication
Another common way for hackers to gain access to files - especially those they want to steal for extortion efforts - is to use compromised credentials. Therefore, the use of strong multi-factor authentication (MFA) tools to control access to sensitive documents plays a key role. This is especially the case for privileged accounts, such as those with access to backups.
3. Keep your systems up-to-date
Some of the biggest ransomware incidents, such as the 2017 WannaCry attack, have been traced back to the continued use of outdated systems. So, you need to have a clear schedule for patching systems to remove newly discovered vulnerabilities that ransomware tools often rely on.
4. Use the principle of least privilege
As with MFA, controlling who has access to files is critical. Adopting a policy based on the principle of least privilege - where each user only has access to the files and systems absolutely necessary to do their job and no more - greatly reduces the risk that compromised credentials can be used to access your data.
5. Use a strong activity monitoring tool
Being fully aware of what's going on across your network at all times is vital. Tools that can highlight suspicious activity, such as users trying to access systems they don't have permission for, or transferring large quantities of data outside the network, can alert you to any attempted extortion efforts early and let you shut them down before any data is compromised.
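To make the kind of alerting described above concrete, here is an added example (not from the article or any product it mentions) that runs two simple rules over constructed access-log lines: a burst of permission-denied events from one user, and a large volume of uploads leaving an assumed internal address range (10.0.0.0/8). The log format, the thresholds and the internal range are all assumptions made for this example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
import ipaddress

WINDOW = timedelta(seconds=60)        # sliding window for both rules (assumed)
DENIED_THRESHOLD = 5                  # access-denied events per user inside the window (assumed)
EXFIL_THRESHOLD = 1_000_000_000       # bytes leaving the network per user inside the window (assumed)
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range for the sample
# Constructed sample log (not from the article): time user action path result bytes destination
SAMPLE_LOG = """\
2024-03-01T09:00:05 bob READ hr/payroll.db DENIED 0 10.0.0.5
2024-03-01T09:00:09 bob READ hr/payroll.db DENIED 0 10.0.0.5
2024-03-01T09:00:14 bob READ backups/full.bak DENIED 0 10.0.0.5
2024-03-01T09:00:20 bob READ backups/full.bak DENIED 0 10.0.0.5
2024-03-01T09:00:25 bob READ finance/q1.xlsx DENIED 0 10.0.0.5
2024-03-01T09:02:00 carol UPLOAD finance/q1.xlsx OK 800000000 203.0.113.7
2024-03-01T09:03:00 carol UPLOAD hr/payroll.db OK 600000000 203.0.113.7
2024-03-01T09:05:00 alice UPLOAD report.pdf OK 2000000 10.0.0.9
"""

def parse_line(line):
    ts, user, action, path, result, nbytes, dest = line.split()
    return {"ts": datetime.fromisoformat(ts), "user": user, "action": action, "path": path,
            "result": result, "bytes": int(nbytes), "dest": ipaddress.ip_address(dest)}

def prune(queue, now):
    # Drop entries older than WINDOW; every entry is a (timestamp, bytes) tuple
    while queue and now - queue[0][0] > WINDOW:
        queue.popleft()

def detect(log_text):
    # Returns sorted (user, rule) alerts; each user/rule pair is reported once
    denied = defaultdict(deque)    # user -> (ts, 0) per DENIED event
    outbound = defaultdict(deque)  # user -> (ts, bytes) per upload leaving the network
    alerts = set()
    for line in log_text.strip().splitlines():
        ev = parse_line(line)
        if ev["result"] == "DENIED":          # rule 1: repeated unauthorised access attempts
            q = denied[ev["user"]]
            q.append((ev["ts"], 0))
            prune(q, ev["ts"])
            if len(q) >= DENIED_THRESHOLD:
                alerts.add((ev["user"], "repeated_access_denied"))
        elif ev["action"] == "UPLOAD" and ev["dest"] not in INTERNAL_NET:  # rule 2: bulk data leaving
            q = outbound[ev["user"]]
            q.append((ev["ts"], ev["bytes"]))
            prune(q, ev["ts"])
            if sum(b for _, b in q) >= EXFIL_THRESHOLD:
                alerts.add((ev["user"], "large_external_transfer"))
    return sorted(alerts)
```

Running `detect(SAMPLE_LOG)` flags bob for five denied requests inside one minute and carol for 1.4 GB sent outside the internal range, while alice's internal upload produces nothing.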
6. Educate your users
As is the case with many cybersecurity efforts, user education is one of the most important things you can do. Mistakes by employees remain one of the most reliable entry routes into networks for ransomware authors, whether this is responding to a phishing email, using weak passwords, or visiting suspicious websites.
7. Deploy multiple backups
Being able to quickly revert to a recent backup can negate much of the harm caused by crypto ransomware. Consider using the 3-2-1 rule, where you keep a minimum of three copies of mission-critical files in various places, across two storage mediums and at least one offsite location, in order to ensure you have the best chance of minimizing disruption.