Ransomware tactics have evolved from rudimentary, user-initiated “spray and pray” infections to “big game hunting,” which targets large companies that have enough resources to pay a ransom but not enough for state-of-the-art cybersecurity.
However, the spray and pray approach still persists. Another tactic we’re seeing play out is ransomware-as-a-service (RaaS), which enables affiliates to also target smaller organizations and payloads. RaaS allows practically anyone to use the service by simply paying a percentage to the ransomware gang.
Considering how far ransomware has evolved, we’d like to offer insight into why traditional protection strategies don’t always measure up.
A Brief History of Ransomware
When the first truly invasive strain of ransomware popped up in 2006, it was unsophisticated and relatively easy to circumvent. But in the past decade and a half, technology—including malware—has become much more sophisticated.
Anonymous payment options, such as Bitcoin, changed the game for cybercriminals. These payment options allow attackers to easily (and untraceably) capitalize on successful ransomware attempts. Another game changer arose in 2013, when CryptoLocker became the first cryptographic malware spread by downloading files from a compromised website or by opening infected, official-looking email attachments.
Today, the “classic” ILOVEYOU and WannaCry ransomware attacks serve as cautionary tales about how easily very smart humans can be tricked into opening malicious attachments and how crucial anti-malware tools and regular data backups are to preventing data loss.
3 Ways Traditional Ransomware Strategies Fall Short and How You Can Step Up Your Ransomware Protection Game
Traditional ransomware protection strategies don’t always address the ways business environments and cybercrime have evolved in the past few years—or even the past few months. To create a comprehensive cybersecurity strategy that includes the latest and most effective ransomware protection technology, look for solutions that address and avoid these three pitfalls.
The Human Element
Traditional ransomware protection tries to block malware at the perimeter. The problem with this approach is that it assumes all endpoints are in a central location. Although this may have been true 10 years ago, it is seldom the case today.
Mobile devices such as tablets and smartphones set business free by allowing employees to access work resources from practically anywhere. The widespread use of mobile devices has major security implications that must be mitigated.
Employees often use their mobile devices for both business and personal activities, which increases the likelihood that they will click a bad link or visit a malicious website. These employees also have access to business-critical data and applications that can easily and unintentionally be contaminated by the infected devices.
Remote workspaces are a notoriously weak security point, and thanks to COVID-19, working from home is becoming more the norm than the exception. Remote endpoint devices aren’t behind the company firewall, and employees are accessing company files and resources via FTP or other remote connections, which further expands the attack surface for cybercriminals.
Despite the best security efforts, the reality is that you can’t control human behavior. So, when it comes to the human element in cybersecurity, your best defense is a good offense. Being proactive is key when mitigating people-initiated risk.
This approach requires cooperation between humans and technology to succeed. Some ways to protect your data and applications from accidental internal threats include:
- Educating employees on ransomware and cyber hygiene
- Investing in third-party, cloud-to-cloud backup to ensure data is secure and retrievable after a security event or other disaster
- Installing an integrated cyber and data protection solution, with enhanced detection and response, ransomware protection, and secure remote access
Outdated Knowledge of Threats
Today’s ransomware is evolving rapidly, so legacy malware protection tools only catch and prevent a fraction of the strains that are out there. Legacy solutions also aren’t as good as modern ransomware protection tools at detecting threats if they do make it inside your network.
Once it gets past your security perimeter, ransomware moves quickly and cuts a wide, destructive path. Without the right tools in place, ransomware can do extensive damage before you even know it's there. Upgrading your legacy malware protection tools is the only way to get peace of mind that you can stop an attack quickly and 100 percent reverse any damage incurred.
Modern ransomware doesn’t just encrypt data; some strains also expose customer and company data to the public. To fully protect your organization from this type of threat, look for a solution that includes all-in-one cybersecurity and data protection, like one of Arcserve’s Sophos-powered offerings.
The most effective tools for stopping known and unknown cyberthreats also include technology such as:
- Signature-based and signatureless malware detection
- Deep learning neural network
- CryptoGuard and WipeGuard to stop never-before-seen ransomware and boot-record attacks
Not Prioritizing Data Recovery and Backup
Traditionally, people backed up data by making copies and storing them on a local backup server. A copy of the data was also written to tape and stored off-site or online for added protection.
Modern ransomware changed the game with strains that can corrupt not only the data on the local server, but also data stored on backup servers. This type of attack occurs when the malware jumps from the primary infection point to the backup server or when it exploits vulnerabilities in the OS or data protection software, allowing it to corrupt the backups directly.
The key to preventing this type of catastrophic data loss is implementing an ironclad disaster recovery and business continuity plan. Continuity and high availability require frequent, fully tested backups that are inaccessible from the company network, so look for a ransomware protection solution that provides fully integrated, cloud-based backups with deep learning endpoint protection to protect backups from cyberattacks.
Ransomware technology and tactics have evolved significantly over the years, and the hard truth is that traditional ransomware protection strategies simply can’t keep the attacks at bay. But you don’t have to live in fear of an attack on your organization. Educating IT security teams about these three common pitfalls—and the ransomware protection solutions that prevent them—will significantly reduce your chances of becoming a victim.
For additional tips on how to mitigate the impacts of ransomware, download “A Ransomware Crisis Plan Is Now a Business Imperative” to learn how to proactively prepare for and prevent cyberattacks.