Ransomware is one of those things that will not go away. Cybercriminals continue to find ways to circumvent the best safeguards in place, and awareness and education are your strongest defense. Understanding and building defenses against ransomware is critical and support from your managed service provider can offer the resources and strategy to best protect your business.
A growing trend of ransomware has been the threat to release private data to the public. Once an infection occurs, data is downloaded away from the source – your device(s) – giving cybercriminals complete access. Attackers threaten to release your data if the ransom is not paid. Victims pay to make sure their proprietary information is not released to the public. Then the victim trusts that the attackers deleted all the data so it cannot be released. Unfortunately, attackers have been known to come back for a second payment saying they did not really delete the data. With increased awareness around ransomware attacks, people are less likely to pay the ransom since attackers are likely to go back on their word. Apparently, there isn’t honor even among thieves! By doing this, attackers have shot themselves in the foot. While previously they could get money from victims, now victims have decided to stop paying.
Future of Ransomware
Ransomware has evolved from the early days. At first, data was encrypted. Then, attackers found ways to not only encrypt data but then delete backups. Our cybersecurity experts anticipate the next evolution of ransomware will be exfiltrating data to attackers then deleting from the source. That can affect both on premise and cloud services.
Protection against Ransomware
Continued security education and awareness of security best practices for your employees is the best way to protect your organization from a cyber attack. There are innovative technologies that exist as well to help prevent and rollback from a ransomware attack. The best approach is to implement these in layers.
- Endpoint Detection and Response (EDR)
A reliable Endpoint Detection and Response (EDR) solution (such as SentinelOne) can help detect behavior patterns that occur with ransomware attacks. By detecting behaviors such as large amounts of files being encrypted, the solution can help to stop the attack. Once the attack is stopped, there are ways to roll back the encrypted files to the last volume shadow copy.
- Secure DNS Filtering will help protect workstations from known bad sites. As a computer requests information from a known bad area, secure DNS filtering solutions (such as Cisco Umbrella) can actively block those requests from going through.
Ransomware attacks are not going anywhere. The best way to prepare for and protect against an attack is continued education and awareness for your entire team. By utilizing a joint effort of user education and technology, the threat of ransomware can be minimized.
If you have questions on how to better prepare your organization against a ransomware attack, or for more information about how a managed services provider, like Revolution Group, could streamline your security practices, don’t hesitate to reach out to our team at 614-212-1101 or [email protected].