The ransomware threat continues to evolve, and defences need to keep pace

News of cyber attacks and data theft now arrives daily. It illustrates both the serious damage ransomware causes and the urgency with which organisations need to mature their defences.

In July, the diagnostic medicine group Fleury suffered a cyber attack that made part of its systems unavailable and jeopardised laboratory operations. It came shortly after the JBS plants in the United States were paralysed and the Colonial Pipeline was practically shut down; the latter cut off 45% of the US East Coast's fuel supply.

The pressure on security teams has increased. Ransomware is taking on ever more destructive forms, and defensive and proactive measures need to evolve at the same speed and to the same level of sophistication.

The first measures

In a ransomware attack, criminals install malware on a company's computers that encrypts its files and, increasingly, exfiltrates data before doing so. They then demand payment, usually in bitcoin, for the decryption key and for a promise not to publish what was stolen. Even if the ransom is paid, there is no guarantee that the data will be recovered or that the stolen copies will be deleted.

Many organisations have refused to pay, opting instead to restore their computers and systems according to their incident response plans. Others decided to pay and ended up being victimised a second time.

The volume, scope and cost of ransomware attacks in 2021 were already expected to be even higher. In Brazil, for example, the numbers have grown faster than the global average, with a 92% increase in the volume of ransomware incidents since the beginning of 2021.

To help prevent successful attacks, companies can start with these measures:

  • Strengthen user training and security awareness programmes so that staff are less likely to fall for phishing;
  • Deploy email controls: strong spam filtering plus sender authentication, SPF and DomainKeys Identified Mail (DKIM) enforced through a DMARC policy, to limit email spoofing. DKIM on its own only signs outgoing mail; unless a DMARC policy tells receiving servers to quarantine or reject messages that fail, forged mail is still delivered;
  • Implement business processes that reduce or eliminate reliance on email for approving transactions, so that a single spoofed message cannot authorise a payment;
  • Develop and test incident response plans;
  • Follow established security best practices, such as a strong patch management programme;
  • Keep all systems up to date, run anti-virus and anti-malware software, and apply the principle of least privilege to access control;
  • Adopt newer defensive technologies to further reduce exposure;
  • Adopt multi-factor authentication, a Zero Trust approach and recognised security frameworks as part of a layered defence;
  • Monitor more aggressively, with threat detection consolidated in a security operations centre, in-house or outsourced, that has the resources to investigate and respond to suspicious activity.
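
The email-authentication point above is easy to get half right: a domain can publish DKIM and still be freely spoofable if its DMARC record says p=none. The checker below is an added example, not code from the article or from any vendor, and it evaluates SPF and DMARC record strings for exactly that weakness. The SAMPLE_RECORDS dictionary and the domain names in it are constructed for illustration; in real use the two strings would come from DNS TXT lookups of the domain and of _dmarc.<domain>. DKIM itself is not checked here, because DKIM public keys live under a selector name that cannot be discovered from the domain alone.

```python
"""Evaluate SPF and DMARC records for resistance to email spoofing (added example)."""

# Constructed sample records for three hypothetical domains (not real DNS data).
SAMPLE_RECORDS = {
    "example-weak.test": {
        "spf": "v=spf1 include:_spf.mail.test ~all",
        "dmarc": "v=DMARC1; p=none; rua=mailto:dmarc@example-weak.test",
    },
    "example-strong.test": {
        "spf": "v=spf1 include:_spf.mail.test -all",
        "dmarc": "v=DMARC1; p=reject; adkim=s; aspf=s; rua=mailto:dmarc@example-strong.test",
    },
    "example-none.test": {"spf": None, "dmarc": None},
}


def parse_tags(record):
    """Split 'v=DMARC1; p=reject; ...' into a lower-cased tag -> value dict."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def check_spf(spf):
    """Return a list of findings about the SPF record (empty means no weakness seen)."""
    if not spf or not spf.lower().startswith("v=spf1"):
        return ["no SPF record: any host may claim to send mail for this domain"]
    terminal = spf.split()[-1].lower()
    if terminal in ("+all", "all"):
        return ["SPF ends with +all: every sender passes"]
    if terminal == "?all":
        return ["SPF ends with ?all (neutral): provides no protection"]
    if terminal == "~all":
        return ["SPF ends with ~all (softfail): only useful when DMARC enforces a policy"]
    if terminal != "-all":
        return ["SPF has no terminal 'all' mechanism: unlisted senders are not rejected"]
    return []


def check_dmarc(dmarc):
    """Return (findings, enforced).

    'enforced' is True only when receivers are told to quarantine or reject
    mail that fails DMARC for 100% of messages; anything less still delivers
    forged mail to the inbox.
    """
    if not dmarc or not dmarc.lower().startswith("v=dmarc1"):
        return ["no DMARC record: receivers are never told to reject spoofed mail"], False
    tags = parse_tags(dmarc)
    findings = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("DMARC p=none: monitoring only, spoofed mail is still delivered")
    elif policy not in ("quarantine", "reject"):
        findings.append("DMARC p tag missing or invalid")
    pct = tags.get("pct", "100")  # DMARC default is 100 when pct is absent
    full_coverage = pct.isdigit() and int(pct) == 100
    if not full_coverage:
        findings.append(f"DMARC pct={pct}: policy applied to only a fraction of mail")
    if "rua" not in tags:
        findings.append("no rua address: aggregate reports would reveal spoofing attempts")
    return findings, policy in ("quarantine", "reject") and full_coverage


def assess_domain(domain, records=SAMPLE_RECORDS):
    """Combine SPF and DMARC checks for one domain from the records table."""
    rec = records[domain]
    spf_findings = check_spf(rec["spf"])
    dmarc_findings, enforced = check_dmarc(rec["dmarc"])
    return {
        "domain": domain,
        "enforced": enforced,
        "findings": spf_findings + dmarc_findings,
    }


if __name__ == "__main__":
    for name in SAMPLE_RECORDS:
        result = assess_domain(name)
        status = "ENFORCED" if result["enforced"] else "SPOOFABLE"
        print(f"{name}: {status}")
        for finding in result["findings"]:
            print(f"  - {finding}")
```

The useful output is the `enforced` flag rather than the mere presence of records: the weak sample publishes both SPF and DMARC and still lets forged mail through, which is the situation the DKIM-only advice tends to produce.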

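For the monitoring point, the detections a security operations centre wants first are the ones that fire before the ransom note appears. The script below is an added example, not code from the article or from any product; it runs two such rules over constructed telemetry: deletion of Volume Shadow Copies and backup catalogues (the usual step before encryption, so that Windows cannot roll files back) and a burst of documents rewritten with a second, unfamiliar extension. The EVENTS list, host names, user names and paths are all made up for the example; the fields loosely follow what process-creation and file-write telemetry from an EDR or Sysmon would carry.

```python
"""Flag ransomware precursor behaviour in process and file telemetry (added example)."""
import re
from collections import defaultdict

# Constructed sample events, not from any real incident. Timestamps are seconds.
EVENTS = [
    {"ts": 100, "host": "ws01", "type": "process", "user": "j.doe",
     "cmd": 'cmd.exe /c "vssadmin delete shadows /all /quiet"'},
    {"ts": 101, "host": "ws01", "type": "process", "user": "j.doe",
     "cmd": "wbadmin delete catalog -quiet"},
    {"ts": 102, "host": "ws01", "type": "process", "user": "j.doe",
     "cmd": "bcdedit /set {default} recoveryenabled no"},
    {"ts": 103, "host": "ws01", "type": "file", "path": r"C:\Users\j.doe\Documents\q3.xlsx.locked"},
    {"ts": 104, "host": "ws01", "type": "file", "path": r"C:\Users\j.doe\Documents\plan.docx.locked"},
    {"ts": 104, "host": "ws01", "type": "file", "path": r"C:\Users\j.doe\Documents\deck.pptx.locked"},
    {"ts": 105, "host": "ws01", "type": "file", "path": r"C:\Users\j.doe\Desktop\invoice.pdf.locked"},
    {"ts": 106, "host": "ws01", "type": "file", "path": r"C:\Users\j.doe\Pictures\team.jpg.locked"},
    {"ts": 108, "host": "ws01", "type": "file", "path": r"C:\Users\j.doe\notes.txt.locked"},
    # Benign activity on a second host: listing shadows and one backup copy.
    {"ts": 200, "host": "ws02", "type": "process", "user": "admin",
     "cmd": "vssadmin list shadows"},
    {"ts": 201, "host": "ws02", "type": "file", "path": r"C:\Users\admin\report.docx"},
    {"ts": 202, "host": "ws02", "type": "file", "path": r"C:\Users\admin\old.pdf.bak"},
]

# Commands that remove the local recovery points ransomware wants gone.
SHADOW_COPY_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I),
    re.compile(r"bcdedit(\.exe)?.*recoveryenabled\s+no", re.I),
]

# A document extension followed by a second, unfamiliar extension,
# e.g. report.docx.locked, as produced by encryptors that rename in place.
DOUBLE_EXT = re.compile(r"\.(docx?|xlsx?|pptx?|pdf|jpe?g|png|txt)\.[a-z0-9]{3,10}$", re.I)

WINDOW_SECONDS = 60   # sliding window for the burst rule
MASS_THRESHOLD = 5    # renamed documents per host within the window


def peak_in_window(stamps, window):
    """Largest number of timestamps that fall inside any window-long interval."""
    stamps = sorted(stamps)
    peak = 0
    for i, start in enumerate(stamps):
        count = sum(1 for t in stamps[i:] if t - start < window)
        peak = max(peak, count)
    return peak


def detect(events):
    """Return a list of alerts; each has host, rule, ts and evidence."""
    alerts = []
    renamed_by_host = defaultdict(list)
    for ev in events:
        if ev["type"] == "process":
            for pattern in SHADOW_COPY_PATTERNS:
                if pattern.search(ev["cmd"]):
                    alerts.append({"host": ev["host"], "rule": "shadow_copy_deletion",
                                   "ts": ev["ts"], "evidence": ev["cmd"]})
                    break
        elif ev["type"] == "file" and DOUBLE_EXT.search(ev["path"]):
            renamed_by_host[ev["host"]].append(ev["ts"])
    for host, stamps in renamed_by_host.items():
        peak = peak_in_window(stamps, WINDOW_SECONDS)
        if peak >= MASS_THRESHOLD:
            alerts.append({"host": host, "rule": "mass_file_rewrite", "ts": min(stamps),
                           "evidence": f"{peak} documents renamed within {WINDOW_SECONDS}s"})
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(f"{alert['host']} {alert['rule']} @ {alert['ts']}: {alert['evidence']}")
```

Both rules are deliberately cheap. The first one will also fire on legitimate administration, which is why the alert carries the command line and the user: the response team can confirm a change ticket in seconds, whereas a missed shadow-copy deletion costs the only local recovery path. The second rule uses a threshold per host so that a single `.pdf.bak` on ws02 does not page anyone.
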
Any infection can be disastrous for an organisation, and recovery is a challenge that, unless it is carried out by a mix of skilled professionals, well-designed processes and technology, can threaten the very existence of the business.