Shawn Kanady, Trustwave: Here Are 8 Ways To Combat the Growing Threat of Ransomware
This week, the FBI warned the US about a new surge in ransomware attacks against schools. According to ZDNet, "In a joint FBI and DHS-CISA flash industry alert (.PDF) this week, law enforcement said a recent increase in attacks leveraging PYSA ransomware, also known as Mespinoza, has been traced to both US and UK educational institutions."
Palo Alto Networks' Unit 42 also released a new report this week that produced some eye-opening statistics on ransomware:
The average ransom paid by organizations increased from $115,123 in 2019 to $312,493 in 2020.
From 2015 to 2019, the highest ransomware demand held steady at $15 million.
In 2020, however, the highest ransomware demand grew to $30 million.
"Organizations around the world are being held hostage by ransomware, and many are being forced to pay cybercriminals because they're not equipped to combat the threat for varying reasons, from a lack of recoverable backups to the cost of downtime outweighing the cost of paying the ransom," said John Davis, vice president of public sector at Palo Alto Networks.
It's clear that the threat of ransomware is not only here to stay, but it is growing.
Shawn Kanady, Director of Threat Fusion & Hunt at managed detection and response provider Trustwave, shared 8 areas that security leaders should make sure they're focusing on in order to defend against and respond to ransomware:
1. Back Up Your Data: Have an online backup, but also keep an offline copy of it as well.
2. Inventory Your Systems: Conduct an IT audit of your systems. Make sure that anything that’s legacy or something that can’t be patched (like a Windows 2003 server) is isolated and highly monitored because it will be your biggest liability.
3. Conduct Continuous Awareness Training: Keep your security awareness training up because humans are the weakest link.
4. Implement a Patch Cycle Program: Have a good patch management program when you’re patching within 30 days. Make sure that third-party apps are also patched.
5. Perform Application Allowlisting: This is a huge factor in these types of attacks. This goes beyond just ransomware, but even those malicious downloaders. Doing application allowlisting where you have your systems and you only allow the applications that you know about to run on those systems.
6. Deploy an EDR Solution: Baselining your systems and keeping aware of any new or rogue processes on your systems will curb those first-stage pieces of malware from going by unnoticed and causing more harm.
7. Secure Email Gateway Solution: A strong secure email gateway solution will go a long way in protecting what is commonly the initial infiltration vector by removing malicious emails from the user's mailbox.
8. Initiate a Proactive Threat Hunt: To have a great defense in place, sometimes you have to go on the offense. Initiating a proactive threat hunt is a proven methodology to identify ransomware threats.