What is Ransomware?
Ransomware is malicious software or malware designed to deny access to a device or the device’s data until a ransom is paid. Ransomware typically spreads through phishing emails or by unknowingly visiting an infected website. According to CrowdStrike’s 2020 Global Threat Report, ransomware accounts for around 25% of all cybercrime. CrowdStrike even noted the rise of RaaS or Ransomware-as-a-Service.
In 2019, ransomware attacks impacted at least 966 government agencies, education services, and healthcare providers with potential damages in excess of $7.5 billion. On average, a ransomware incident costs $8.1 million and 287 days to recover from. Analysts expect that even a small ransomware attack would cost well over $1 million to remediate.
Ransomware is a particularly nefarious type of attack. Once the attack is successful, it is nearly impossible to remediate and undo the damage without paying the malicious actors. Prevention is key to mitigating ransomware attacks.
Stopping Ransomware in Its Tracks
Ransomware typically uses broad stroke malware to attack known vulnerabilities. Because of this, the best way to address ransomware attacks, according to IBM Security, is to take mitigating actions like testing your incident response, maintaining continuous backups, developing a rapid disaster recovery functionality, and patching systems.
Today, many cybersecurity solutions are taking a detect rather than protect mindset. Although this can improve your overall security posture, it has a limited capacity to actually stop ransomware and rarely any ability to effectively remediate it. Because of this, prevention is left to you to achieve.
Patching and proper configuration are two key IT security controls that can reduce the corporate attack surface and make your organization a smaller target. Ponemon Institute shows that you can see an 80% reduction in exposure simply by patching and properly configuring corporate devices. Combined with Automox’s recent 2020 Cyber Hygiene Report that shows missing patches are the #1 technical attack surface exposure causing data breaches, we can confidently agree with IBM’s claims that patching is critical to ransomware mitigation.
Ransomware Mitigation Strategies
Here are some actions you can take to help mitigate ransomware today:
Securing Networks and Endpoints
- Keep systems patched. Use an automated patch management system if possible.
- Prepare an incident response plan that details what to do during a ransomware event.
- Disable macros scripts. Consider using Office Viewer software to open Microsoft Office files from email instead of full office suite applications.
- Backup critical systems. Use a backup system that allows multiple copies of backups to be saved in case a copy of the backups includes encrypted or infected files.
- Test backups for data integrity and to ensure it is operational.
- Apply the principles of least privilege and network segmentation.
- Vet and monitor third parties or temporary access employees that have remote access to the organization’s network.
- Use endpoint security solutions. Enable regular scans with antivirus programs enabled to automatically update signatures.
- Restrict internet access. Use a proxy server for internet access and consider ad-blocking or anti-PUP (potentially unwanted program) software. Restrict access to common ransomware entry points like personal email and social networking sites.
Securing the User
- Provide social engineering and phishing training to employees. Train them not to open suspicious emails, click on links or open attachments contained in suspicious emails.
- Remind users to close their browser when not in use.
- Have a reporting plan that ensures staff knows where and how to report suspicious activity.
Incident Response Planning
- Disconnect the infected system from the network to prevent propagation.
- Determine if decryption is available. Resources like No More Ransom! may help.
- Restore endpoints and data from regularly maintained backups.
Automation and Visibility are Key to Mitigate Ransomware Attacks
With ransomware attacks targeting new vulnerabilities within 7 days, organizations need to strive to patch within 72 hours for critical vulnerabilities and 24 hours for zero-day vulnerabilities. Visibility and automation are key to achieving effective cyber hygiene to stay ahead of the adversaries and help minimize your measurable attack surface.
Automox helps you reduce your exposure by automating your patching and configuration management. Our cloud-native solution provides complete visibility of all your corporate endpoints, no matter the location or domain. Our modern cyber hygiene platform closes the aperture of attack by more than 80% with just half the effort of traditional on-prem patch management solutions.
About Automox Automated Patch Management
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, macOS, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.