Karl Sigler, Senior Security Research Manager, SpiderLabs at Trustwave, shares his insights on ransomware and why organizations can't forget about it.
A recent survey of CISOs found that ransomware is now viewed as the main cybersecurity threat to their organization over the course of the next year. And CISA launched a new public awareness campaign to push back against the influx of ransomware cyberattacks that have targeted governments and the nation’s education systems.
Why is ransomware so feared? Why is it effective?
Ransomware is feared specifically because it is effective. Properly designed ransomware encrypts your data in a way that makes it completely unrecoverable, whether this is your HR database, customer information, healthcare data, source code for products you develop, or just your personal pictures and documents. Losing that data completely can be devastating, and having a potential option for getting it back for a single payout is a very compelling situation. This is how criminals make money.
The SolarWinds breach has taken most of the media attention away from ransomware. But do you believe we'll see a resurgence of larger-scale ransomware attacks in 2021?
Absolutely. These attacks are easy to execute, low risk for the criminals behind them, and often result in big payouts. We will be stuck with ransomware attacks well into the future.
What kind of companies are the main targets of ransomware?
Any large organization that is heavily reliant on the data on their systems but may not have a mature security posture toward risk is a primary target for ransomware attacks. Unfortunately, and as you might guess, that's a large majority of all organizations out there. Government agencies where cities, states, or even the entire country is reliant on the data involved are juicy targets. Healthcare organizations are also often targeted as they tend to have a mix of complex networks and systems, tight budgets, and extremely sensitive data.
How can companies defend themselves against ransomware attacks?
Every effective defense against ransomware starts before you get hit with ransomware. Since a large majority of ransomware is delivered through phishing emails, Security Awareness training for your staff goes a long way toward shielding your organization. Other basic best practices such as agile patching of valuable systems and proper network segmentation can effectively minimize the damage that can be done by ransomware. Finally, it's essential that you verify that you are properly backing up your important data to a separate location (network, cloud, offsite) and have tested the process of restoring those backups.
If a company is a victim of a ransomware attack, what first steps should they take?
Hopefully, with proper prophylactic steps put in place as outlined above, a successful ransomware attack will likely have a much smaller scope of damage and can be easily recovered from by simply restoring the encrypted data being held for ransom from your backups. The time to take those first steps is prior to any attack occurring.