On Alert: Combating Ever-evolving Ransomware with Resilience in 2022

essidsolutions

Ransomware attacks rose considerably in 2021, and 2022 is already shaping up to be another year dominated by ransomware. Stephen Manley, Chief Technology Officer at Druva, discusses the increasing complexity of ransomware and why companies must start preparing for new types of attacks in 2022. 

A threat to virtually every organization, this method of attack has become mainstream because of advancements such as ransomware-as-a-service (RaaS). RaaS gives bad actors the ability to use malware for a percentage of the funds they seek while remaining completely anonymous. Even those who lack the technical skills to develop the malware and deploy the attack on their own can attack your business.

While ransomware protection technology is improving, nobody is prepared to recover because they do not have a cross-organizational plan. Security, IT, legal, and executive management must work together to respond to a ransomware attack and detect, assess, and recover from it. Unfortunately, most organizations depend on a decade-old disaster recovery plan that they have never tested. There is no protection without a recovery plan. 

The Continued Evolution of Ransomware Attacks

Ransomware attacks are maturing, which means companies have to prepare for new types of attacks, which include:

  • Gaining control of the environment – bad actors are taking over company emails and phones because, as an insider threat, they can thwart your protection and recovery processes. Insider threats are steadily increasing and costing businesses upwards of millions annually.
  • Detection avoidance – cybercriminals encrypt data more slowly, target only portions of files, and preserve file size and type to slip past existing anomaly detection. This makes malicious activity far more difficult to identify.
  • Exfiltration of data – bad actors are increasingly pulling data out of your environment and threatening to post it online or sell it. This essentially destroys a company’s last line of defense and further incentivizes payment.
  • Targeting more than files – with data more fragmented than ever before and increasingly at risk, there will be a rise in attacks on SaaS applications such as Salesforce and Microsoft 365, virtual machines (VMs), and cloud-native applications.
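As an added defender-side illustration (not from the article or from Druva), the partial-encryption evasion in the "Detection avoidance" bullet can be caught with a chunked entropy check: a whole-file entropy score stays low when only a slice is encrypted, but the encrypted slice still stands out chunk by chunk. The sample file is constructed inline; the 4 KiB chunk size and 7.5-bit threshold are assumed tuning values, not figures from the page.

```python
import math
import random
from collections import Counter

CHUNK_SIZE = 4096      # assumed chunk size; tune to the files you monitor
HIGH_ENTROPY = 7.5     # bits per byte; encrypted/random data approaches 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def chunk_entropies(data: bytes, chunk_size: int = CHUNK_SIZE) -> list[float]:
    """Entropy of each fixed-size chunk, in file order."""
    return [shannon_entropy(data[i:i + chunk_size])
            for i in range(0, len(data), chunk_size)]


def assess(data: bytes, chunk_size: int = CHUNK_SIZE,
           threshold: float = HIGH_ENTROPY) -> dict:
    """Compare a naive whole-file verdict with a per-chunk verdict."""
    whole = shannon_entropy(data)
    hot = [i for i, e in enumerate(chunk_entropies(data, chunk_size))
           if e >= threshold]
    return {
        "whole_file_entropy": round(whole, 2),
        "whole_file_flagged": whole >= threshold,   # what a size/type-preserving
        "chunks_flagged": hot,                      # attack is designed to defeat
        "partial_encryption_suspected": bool(hot) and whole < threshold,
    }


def build_samples(seed: int = 1234) -> tuple[bytes, bytes]:
    """Constructed sample: a plain-text 'report' and a copy whose middle 10%
    has been overwritten with random bytes, leaving size and header intact."""
    rng = random.Random(seed)
    text = b"Quarterly logistics report. Shipment volumes rose while costs fell. " * 600
    tampered = bytearray(text)
    start = len(tampered) // 2
    end = start + len(tampered) // 10
    tampered[start:end] = bytes(rng.getrandbits(8) for _ in range(end - start))
    return text, bytes(tampered)


if __name__ == "__main__":
    clean, partial = build_samples()
    print("clean:  ", assess(clean))
    print("partial:", assess(partial))
```

On the constructed sample the whole-file score stays near 5 bits, so only the per-chunk view raises the alarm.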

While all of these attack methods are becoming popular, the trend of exfiltrating data is increasingly taking center stage. One of the largest international logistics providers, Hellmann Worldwide Logistics, was one of the latest victims of this type of attack. The company confirmed in late December that the cyber group RansomEXX published 70GB of sensitive files after it refused to pay the ransom. The leaked data reportedly included several company emails, passwords, and customer names.


The 5 Key Steps to Ransomware Recovery 

Because it’s almost impossible to prevent a ransomware attack from happening, all you can do is prepare to recover. The first step is to ensure your data is protected, but what comes next? By following the below steps, you will be able to mitigate the impact of an attack and strengthen your organization’s cyber and data resiliency.

  1. Implement a zero-trust model: Zero-trust is based on a strict verification process and adds another security layer to organizations. Implementing Multi-Factor Authentication (MFA) and Single Sign-On (SSO) will keep bad actors from gaining access and deleting backups. You cannot recover if you cannot control your primary operations.
  2. Set recovery priorities: Understand the full scope of the applications and data to be recovered. This includes critical servers and applications, including SaaS applications like Microsoft 365, Google Workspace and Salesforce, that power your business.
  3. Develop a recovery plan: The last thing you want to do is define who should be doing what after an incident has occurred. You should have the owners, responsibilities, and cross-team dependencies defined to take action immediately.
  4. Communicate the plan to your teams: Development and operations teams should understand their role in recovery. While the leadership team owns the process, their teams must execute. Therefore, they need to understand each person’s context and function.
  5. Test, test, and test some more: Nothing takes the place of actually testing a ransomware recovery. You should run frequent tests in a sandbox to build up the basic skills and interactions in a safe environment. Only then should you consider more of a live test. Regardless, the day of an attack should not be the first time you test your ransomware recovery plan.

Winning with Resilience

Ransomware protection is already a part of every company’s strategy. However, since the threats continue to evolve, so must the protection strategy. Attacks will continue to be better masked, more comprehensive, and more vicious, so the protection must be broader, simpler, and more operationalized. Furthermore, protection is only half the strategy. Your business can be offline for weeks or months without a recovery plan. Now is the time to create an orchestrated ransomware recovery plan, communicate it with your team, and then test to develop your organizational muscle. That we may be hit with ransomware is no surprise, so we need to be ready to recover. 
