Scan the headlines, and not a day goes by when ransomware is not in the news. And it seems that for every business-focused piece addressing the threat that ransomware poses to an organization’s general security posture and bottom line, there is a more technical piece about a specific new variant that has taken on more advanced capabilities than the one before it.
A report in April from security company Sophos said that 66% of organizations surveyed were hit by a ransomware attack in 2021, up from 37% the prior year. The average ransom payment increased almost fivefold to more than $800,000, the report said.
Not only is ransomware not going away, it is getting more frequent — and sophisticated. Not surprisingly, the scourge is taking its toll on security operations teams, with many citing the constantly looming threat of ransomware as a primary driver for wanting to leave their cybersecurity jobs.
Studies have shown that a majority of businesses lack confidence in their ability to recover following a ransomware incident. As such, when ransomware strikes, the adage that every second counts is truer for this threat than arguably any other cyber risk, especially in the age of remote work and an expanded attack surface.
While history has clearly shown that ransomware is difficult to stop in its entirety, even on the most resilient networks, the impact can be controlled. Realizing that ransomware is not all that dissimilar from other malicious threats is a wise first step. As such, sound detection and disruption of the spreading process is more important than countering the specific threat itself.
Be wary of lateral movement tools, even legitimate ones, which could signal a ransomware spread is underway.
Avoid a “blame culture” that could deter employees from reporting ransomware infections.
Leverage tools like SIEM to detect early-warning indicators and SOAR to automate the response to limit disruption.
With the next ransomware threat likely just around the corner, here is a super digestible crash course in best practices from Vicente Diaz, threat intelligence strategist of VirusTotal. In the latest episode of "Fastest Two Minutes in SecOps," Diaz tells security operations professionals everything they need to know about how ransomware is evolving and key pointers to consider in a detection and response strategy.
To learn more about the ransomware threat, download The Definitive Guide to Ransomware Response.