Last year saw a global increase in malware attacks for the first time in 3 years, with a staggering 2.3 billion attacks. In his blog Aamir Lakhani, Lead Research and Cyber Expert at Fortinet shares his thoughts on if this is just a taster of more to come in 2023 and what the 5 ransomware protection best practices that every organisation should adopt to help prevent these types of attacks.
If the growth of ransomware attacks in 2022 indicates what the future holds, security teams everywhere should expect to see this attack vector become even more popular in 2023. In just the first half of 2022, the number of new ransomware variants we identified increased by nearly 100% compared to the previous six-month period, with our FortiGuard Labs team documenting 10,666 new ransomware variants in 1H 2022 compared to just 5,400 in 2H 2021. The explosive growth in new ransomware variants is primarily thanks to more attackers taking advantage of Ransomware-as-a-Service (Raas) subscriptions on the dark web.
However, even with the increase in ransomware variants, the techniques we see bad actors using to deliver ransomware remain largely the same. This predictability is good news because security teams have a reliable blueprint for protecting against these attacks. Here's a closer look at ransomware mitigation strategies and how you can implement these in your organisation.
What is Ransomware?
Ransomware is malware that holds data hostage in exchange for a ransom. It threatens to publish, block, or corrupt data—or prevent a user from working on or accessing their computer unless they meet the attacker’s demands. Today, ransomware is often sent through phishing emails. These malicious attachments infect a user’s computer once opened. Ransomware can also be spread through drive-by downloading, which happens when a user visits a website that happens to be infected. The malware on that site is downloaded and installed without the user realising it.
Social engineering often plays a role in a ransomware attack as well. This is when an attacker tries to manipulate someone into divulging confidential information. One common social engineering tactic is to send emails or text messages to scare the target into sharing sensitive information, opening a malicious file, or clicking on a malicious link.
What is Ransomware Mitigation?
Attempted attacks and data breaches are inevitable, and no organisation wants to be forced to decide between paying a ransom and losing important data. Fortunately, those aren’t the only two options. The best path forward is to take appropriate steps to safeguard your networks, which will lessen the chances your enterprise will be hit with ransomware. This approach requires a layered security model that combines network, endpoint, edge, application, and data-center controls, as well as updated threat intelligence.
In addition to implementing the right security tools and processes, don’t forget the role cybersecurity education plays in your mitigation strategy. Teaching employees how to spot a ransomware attack—and educating them about strong cyber hygiene practices in general—is a great defense against clever attackers.
"Teach employees how to spot signs of ransomware, such as emails designed to look like they are from authentic businesses, suspicious external links, and questionable file attachments."
Understanding the Risks That Make Ransomware Mitigation Necessary
Look around any organisation, and you'll likely find security “gaps” that increase the chances of a business falling victim to a ransomware attack. Here are several common challenges security teams and their organisations face, which can make them more vulnerable to cyber incidents.
Latest Ransomware Attacks to Learn From
Ransomware continues to get nastier and more expensive, impacting companies in every industry and geography. While most of us recall recent high-profile ransomware attacks involving companies such as Colonial Pipeline and JBS, countless other ransomware incidents occur that don't make the national news. However, many ransomware attacks can be prevented by applying strong cyber hygiene practices—including offering ongoing cyber awareness training for employees—and focusing on implementing Zero Trust Network Access (ZTNA) measures and endpoint security.
5 Ransomware Protection Best Practices
Effective ransomware detection requires a combination of education and technology. Here are some of the best ways to detect and prevent the evolution of current ransomware attacks:
While the volume of ransomware isn't slowing, numerous technologies and processes are available to help your team mitigate the risks associated with this attack. From ongoing cyber education programs to strengthening ZTNA efforts, we can keep crafty attackers at bay.
For further advice on reducing the risk of ransomware attacks within your organisation get in touch with us below or speak to us via our live chat at the bottom right of this page.