Ransomware: Visibly Complicates and Slows Their Progress

According to the annual report published by Cybermalveillance, the French digital security assistance and prevention platform, requests for help against the ransomware threat in France increased by 95% in 2021, with 1,633 requests from companies. Such attacks are once again at the top of the main cyber threats targeting organizations; they are among the most lucrative, with growth expected in 2022.

The prevalence and rise of ransomware has caused organizations to rethink their approach to security in recent years. They can no longer afford gray areas in their systems. They must now consider attack vectors holistically, with clear visibility into their assets and absolute knowledge of their weaknesses, to stay one step ahead of what becomes important.

The fight against ransomware is constantly evolving with users and their applications. In increasingly complex environments, no system today can block ransomware. Just as with the theft of a two-wheeled vehicle, the goal is to complicate and slow down the attacker’s progress as much as possible in order to limit the damage and thus protect the company’s assets.

Think like the attacker, anticipate the threat

The hybrid use of endpoints for both professional and personal activities, combined with the fact that data is now mostly hosted in the cloud, is a significant risk factor for companies. However, too many still believe their public clouds are protected if they are encrypted, and do not pay enough attention to the risks they are exposed to.

They also rely on their IT team to revert all files to a previous version without affecting the business. While that is sometimes the case, it cannot be generalized: losses can be much larger than expected and have a significant financial impact.

That’s why a proactive approach is essential to dealing with a potential attack. Anticipating risks makes it possible to create prevention and recovery plans even before the attack occurs. It has long been said that the problem is not “if” but “when” a company will be hacked, and it is more necessary than ever to put yourself in the attacker’s shoes to prepare for any eventuality.

In the case of a ransomware attack, sometimes one user click is all it takes to shut down the entire network: for example, if 10% of the employees of a 1,500-person company click on a malicious link, that means 150 chances for an attacker to break into the network and complete their mission!

However, beyond paying the ransom, companies should be able to restore their systems as soon as possible, whether their data was encrypted, lost, or taken offline after a technical incident. But it does not end there: once systems are brought back online, it cannot be ruled out that the attacker also leaked sensitive or private data, and the company remains vulnerable. In other words, preparing for the worst helps limit damage in the event of an attack.

Migration to cloud-based recovery systems

The recovery process is one of the poor relations of security because it's often the last thing teams think about when developing a security strategy. That is a mistake.

Disaster recovery and business continuity (DRBC) is arguably the most difficult issue to resolve and unfortunately remains the one that is often overlooked. However, for an organization in the healthcare industry or an operator of vital importance (OIV), an interruption of critical infrastructure or industrial control systems (ICS) can have disastrous consequences. In some situations, such as healthcare, ensuring business continuity can save lives and requires immediate recovery.

Cloud-hosted solutions today take snapshots of real-time data. That's why they offer much faster DRBC than existing solutions that are stuck in the logic of cloud storage, servers, and physical devices. To prevent ransomware, organizations therefore need to shift gears and adopt a next-generation, cloud-based DRBC strategy.

One of the main reasons many organizations do not take this important step is that they are still concerned about the security of these cloud environments. This is confirmed by the Cloud Security Alliance (CSA) in its latest study, which showed that security remains a major concern when it comes to cloud adoption for 58% of respondents.

However, this fear leads to another kind of risk. In particular, this can slow down a recovery and therefore affect the continuity of operations after a debilitating failure. So, at a time when the cloud can offer better visibility and greater data control than servers in a physical data center, it is clear that companies can accelerate their recovery times and improve their uptime.

You can’t secure what you can’t see

Ultimately, preparing for a ransomware attack means ensuring full visibility of data, categorizing it, and establishing policies to ensure that sensitive information never leaves the organization. This also allows files that violate those policies (such as ransomware stored in the cloud) to be blocked from entering based on their classification. Thus, it is possible to keep the good elements in and the bad ones out.

Currently, in the event of a ransomware attack, the infected file no longer needs to physically enter the network; all the cybercriminal has to do is deploy it to the extreme. To tackle these new applications, a SASE (Secure Access Service Edge) architecture combined with data loss prevention (DLP) capabilities protects users in environments controlled by IT teams and deployed on-premises.

But the problem arises with tools and platforms that are installed and used in parallel. This “shadow IT” escapes the attention and control of IT teams, who are then unable to fully protect the company's systems.

This situation has only intensified since the start of the pandemic, with increased mobility, BYOD policies, SaaS applications, and the rise of remote workers. This makes it more necessary than ever to have visibility and policy-based controls to prevent malicious files from being downloaded to any device authorized to receive user data.

That’s why it’s more critical than ever to extend security visibility beyond just data to have a holistic view of users, devices, and applications. The more teams know about large network environments, the better they can protect users, devices, applications, and data from disruption.

There is no cure for ransomware attacks today, no security solution to stop them. However, there are ways to anticipate, slow down, and even protect against them: preventive and forward-looking measures that provide a clear view of assets and data and an understanding of the environment, keep the consequences of an attack as minimal as possible, and offer companies the opportunity not to pay the ransom.