Active Ransomware Recovery: Five Steps for Success


When it comes to ransomware, it’s a matter of when, not if.

The data tells the tale. Both the volume and types of ransomware attacks are on the rise. Plus, attackers aren’t just after enterprises. They now target businesses of all shapes and sizes. That way, they increase their chances of breaching security perimeters and convincing businesses to pay up.

But it’s not all bad news. With the right approach, businesses can largely avoid the damage and downtime from these attacks. The answer? Adopting an active recovery strategy that views both attacks and response as ongoing. That way, enterprises can mitigate the impact of these attacks and reduce their total severity.

Here’s a look at the current realities of ransom attacks, and five steps to help put active ransomware recovery first.

The State of Ransomware

Recent research shows a 1,070% increase in ransomware attacks between June 2020 and July 2021. According to the IBM X-Force definitive guide to ransomware, the variety of these attacks is rapidly increasing. Some can target over 150 file types. The list is constantly expanding as attackers look for new openings.

Attackers are also changing their approach to leverage current conditions and compel quick action. For example, early 2021 saw a rise in COVID-19 vaccine-related ransomware attacks. The recent Colonial Pipeline breach caused a suspension of operations.

The harsh truths of ransomware often leave IT teams feeling frustrated. If attacks are bound to happen and attackers are always evolving their methods, it’s tempting for people to give up. Enterprises resign themselves to responsive frameworks. They try to avoid the brunt of the impact rather than minimize the damage.

Taking Action With Active Ransomware Recovery

Ransomware is much like home break-ins. If attackers are determined enough, they’ll find a way. But this doesn’t mean that homeowners should simply resign themselves to break-ins. Instead, there are active steps they can take to reduce the chances of being targeted. Even if bad actors decide it’s worth the risk, cameras and alarm systems can minimize the impact.

The same approach applies to ransomware recovery. You can’t prevent every breach or account for every new attack vector. But it’s possible to deter most attacks and mitigate the impact of those that get through by taking preemptive, protective steps.

Here are five ways to empower an active ransomware recovery strategy.

Adopt Zero Trust

Zero trust models leverage a ‘never trust, always verify’ approach to reduce ransomware risk. For example, you might require all users to prove who they are, whether through tools such as multifactor authentication or through behavioral pattern analysis. That way, enterprises can limit the number of viable attack approaches open to attackers. Since ransomware payloads require system access to be deployed, narrowing who and what is granted permission makes that deployment far less likely.

Build In Robust Backups

Backups offer a proven way to access data in the event of loss, corruption or service interruption. In addition, cloud-based backup solutions are becoming faster and more reliable. Therefore, they can also play a role in active ransomware recovery. It’s important to create secure, geographically disparate backups. That way, enterprises can ensure that even if they’re unable to remove ransomware encryption or attackers go back on promises to deliver decryption keys, their most important data remains accessible on-demand.

Address Emerging Trends in Ransomware

Attackers have the advantage when it comes to designing new threat vectors. After all, casing corporate systems lets them build new frameworks better designed to circumvent current protections. Consider the recent rise of Yanluowang ransomware, a double extortion attack that both encrypts data and threatens to leak stolen copies of it to the public. Using a mix of open source and legitimate tools, Yanluowang is quickly becoming a serious ransomware concern.

Security tools, meanwhile, often remain static. That’s even more likely if they’re part of legacy systems with limited interoperability. Here, solutions such as secure access service edge (SASE) offer a way to deliver agile, cloud-based security across large-scale network environments. That, in turn, can help companies stay ahead of the curve.

Create an IR Framework

When attacks do happen, end-to-end incident response (IR) frameworks can reduce the time required to find out what’s happened, pinpoint problem locations and fix threats. However, 63% of C-suite executives surveyed and 67% of small businesses asked said they didn’t have a response plan in place.

Here, the active recovery goal is speed. You can achieve it by creating IR teams for this specific purpose, drawn from your IT staff. Each team member should have specific tasks to complete in the event of an attack. It’s also good to designate backup employees in case primary team members can’t come in. Paired with regular practice that puts response speed and accuracy first, teams can refine processes until they’re largely muscle memory. That, in turn, cuts down on the impact of the panic that often sets in when teams detect ransomware attacks. Data bears out the benefits of these plans: Companies with tested IR plans spent $3.29 million repairing breaches, while those without plans in place spent $5.29 million.

Put People First

People — including staff, stakeholders and customers — are the ones affected by ransomware in the end. As a result, active recovery plans must put accessibility of data and reliability of services first, even during a ransomware attack.

In practice, this means using new tools. Those might be AI-driven threat detection or next-generation firewalls. Today’s firewalls are capable of assessing and analyzing threats in real-time while still allowing trusted users to access critical data. In effect, active recovery means keeping the lights on whenever possible — even when ransomware attacks occur. It does so by creating logically segmented networks equipped with real-time security and monitoring controls.

Embracing Active Ransomware Recovery

Ransomware attackers want victims to have to play catch-up when attacks occur. To fight back, use an active ransomware recovery strategy. Include zero trust, robust backups, emerging trends and IR frameworks and put your people on the front line. That way, it’s possible for enterprises to minimize downtime, mitigate damage and make malicious actors’ work much more difficult.

The post Active Ransomware Recovery: Five Steps for Success appeared first on Security Intelligence.