Today’s ransomware operators are always coming up with new schemes. They’re constantly on the lookout for new vulnerabilities to weaponize, new operating models to take advantage of, and new alliances with other cybercriminal groups to exploit. Their goal is to come up with strategies that enable them to encrypt (and often, steal) your data more quickly, stealthily, and effectively.
In the recent wave of so-called “double extortion” attacks, for instance, ransomware operators have focused their efforts on exfiltrating data as well as encrypting it, so that victims have a strong incentive to pay up — one that can’t be countered simply by having reliable backups. Criminals have also tried to incentivize employees to help them plant ransomware within victim environments, transforming what was once a malware-based attack strategy into a tough-to-counter insider threat. Or, they’ve added extra steps into the attack sequence, such as bringing down a victim’s website with a distributed denial-of-service (DDoS) that’s perfectly timed to coincide with the ransomware’s activation.
Nonetheless, most of the cybersecurity best practices that organizations should implement in order to defend against the threat posed by ransomware aren’t new or groundbreaking. The list of tips and tactics for preparing for ransomware attacks that the National Institute of Standards and Technologies (NIST) has published, for instance, reads like a basic overview of good habits for cyber hygiene.
According to NIST, organizations should:
We at BTB Security agree that all of this is good advice. In addition, we think that organizations should monitor their environment 24/7/365, as well as create a strong third-party risk management (TPRM) plan, especially since last summer’s Kaseya ransomware attack demonstrated how easily software supply chains and managed service providers (MSPs) can serve as vectors for this type of infection. Purchasing cybersecurity insurance to cover the losses and damages resulting from a ransomware attack may also help mitigate some risks, but should never be the “primary” cybersecurity strategy.
However, taking these steps isn’t enough to guarantee that your organization will never fall victim to a ransomware attack. And despite the risk assessments and audits that organizations in regulated industries are required to undergo on a regular basis, today’s boards are increasingly concerned about ransomware risks.
A specialized ransomware assessment should be both focused and comprehensive. It will allow your organization to meaningfully improve its security posture in relation to today’s ransomware threats. In particular, a ransomware assessment should bring together select elements of a technical controls review, a collaborative assessment of your backup and recovery processes and a governance review of relevant control processes.
If you want the best possible assessment of your ability to respond to ransomware in the real world, consider conducting a ransomware simulation exercise. In this focused activity, the security provider you’re working with will introduce a sanitized version of a currently prevalent ransomware strain into your environment. This enables your team to push the assessment beyond the theoretical. You’ll be able to see how your organization’s actual detection and response capabilities stack up. With this truly comprehensive and realistic test of your preventative and detective controls, you’ll be able to identify and rectify weaknesses, safely. The result will be a far more mature security posture, and greater confidence in your ransomware resilience, something worth highlighting at your next board meeting.
Interested in learning more about how BTB Security helps our clients harden their defenses against ransomware? Check out our ransomware exposure assessment, or connect with a member of our team of security experts to learn how we guide our clients to achieve better security.