How to Protect Your Network Against a Ransomware Attack

Cyberattacks against mid-market and enterprise organizations are on the rise. From man in the middle (MitM), distributed denial-of-service (DDoS) and SQL injections, to zero-day exploits and phishing, cyberthreats are getting more sophisticated, more prevalent and more costly. But one type of cybercrime reigns supreme: ransomware. 

Not-so-fun facts about ransomware today: 

• Ransomware cost the world $20 billion in 2021. That number is expected to rise to $265 billion by 2031. 
• In 2021, 37% of all businesses and organizations were hit by ransomware. 
• Recovering from a ransomware attack cost businesses $1.85 million on average in 2021. 
• Out of all ransomware victims, 32% pay the ransom, but they only get 65 percent of their data back. 
• Only 57% of businesses are successful in recovering their data using a backup. 

Source: Cloudwards 

COVID-19 is not the only pandemic to emerge and gain a global stronghold as we push on into the 2020s. Ransomware has its tentacles everywhere. No network – corporate or personal – is immune. The financial damage being inflicted, especially at the corporate level, is only getting more and more severe. It has the potential to bring some institutions to their knees and send ripples through the global economy, eventually impacting the everyday consumer. 

If we’re to right the ship, the castle walls around our ever-expanding networks must become stronger, more dynamic and more intelligent. It also requires vulnerable entities to step into the realm of psychology. What’s motivating these threat actors? What do we as an organization have that they want? 

Stopping Ransomware

Just as we wear masks and get vaccinated to protect ourselves from the threat of contracting COVID-19, we must take the proper precautions to limit or eliminate the possibility of a ransomware attack. 

Know Your Enemy

For most companies, the enemy (or hacker) just wants money. More rarely, they’re after corporate data for some personal gain – again, that could be to sell it or leverage it for other malicious initiatives that could be politically or ideologically motivated. Even more rarely, they’re just looking to tarnish your brand’s reputation.  

Regardless of their intent, however, there is one simple commonality: they want to breach your network through clandestine means. The emphasis is on the network even if that network is not physical. Today, it doesn’t need to be. In 2022, your network is merely where your corporate endpoints are in use, and ultimately where data accessed via those devices is stored. 

The attempt to understand the enemy has given rise to threat intelligence services that can help you profile your attackers. Such tools can determine whether these individuals have a hold on your network, endpoints and/or users. But threat intelligence alone isn’t enough – organizations need to know themselves, which requires a unified stack of security technologies and tactics that when deployed in conjunction with one another can thwart even the most sophisticated ransomware attack. 

Know Your Organization

Corporate endpoints serve as the initial entry points to any corporate network. These devices store proprietary, sensitive data – the hostage in this hostage taking scenario.  To effectively secure the network requires instituting a bevy of endpoint security measures as part of a larger security posture strategy. Frameworks such as the CIS Critical Security Controls outline these best practices.  

Ultimately, however, organizations can start with these basics: 

1. Use Multi-Factor Authentication (MFA) when possible; discourage the use of corporate applications that do not allow for MFA activation; use a password manager when MFA is not available. 
2. Have a mechanism to isolate any infected machine in use across your network to prevent lateral movement and further spread. Wireless and wired network access control (NAC) solutions have been purpose-built to do just this. 
3. Employ an email content inspection software that proactively inspects all links and attachments within incoming emails; this aids in stopping malware via phishing attempts.  
4. Deploy an Endpoint Detection & Response (EDR) program on all machines – managed devices, BYOD & IoT / OT – that runs 24/7 with automatic system updates. 
5. Ensure you’ve instituted proactive device remediation for all connected endpoints that can automatically update firewalls, antivirus and VPN services in use. NAC also incorporates this functionality.   

If you follow those principles, you can win every battle. As legendary military strategist Sun Tzu wrote in his classic work, The Art of War: “If you know the enemy and know yourself; you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”