Ransomware continues to dominate the cyberthreat landscape, posing a significant risk to the integrity and security of sensitive data. Witness the latest global cyberattack by the Russian cybercriminal group Clop, which has affected several hundred companies and government agencies across the country, according to CNN. With their potential to cripple entire networks, ransomware attacks can expose critical data, disrupt business operations, and cause great financial loss and reputational damage. The latest research by Sophos found that 66 percent of organizations surveyed were attacked by ransomware.
Ransomware is a type of malicious software — or malware — that encrypts a victim's files or locks them out of their computer systems, rendering the data inaccessible and unusable. Cybercriminals demand a ransom payment in exchange for restoring access to the encrypted files.
In a twist, termed exfiltration, the current ransomware attack by Clop exploits new and unknown software flaws and demands ransom not to unlock encrypted files but to prevent the group from leaking stolen data. Cybersecurity firm ReliaQuest advises in a briefing that the Clop group has demonstrated in the past that it is a highly capable organization, able to rapidly exploit vulnerabilities and breach networks and data repositories.
While software vulnerabilities are a common vector for ransomware deployments, phishing emails are still the number one method bad actors use to gain entry into an organization’s network.
By remaining proactive and vigilant, organizations can mitigate risks via a multi-layered approach:
- Have a backup strategy. Back up critical data regularly. If you have a security or systems incident, are you in a good position to recover without major disruptions to the business? Are you monitoring the integrity of your data? Have you practiced the data restoration processes to ensure you are ready should an incident occur?
- Keep software and systems current with the latest security patches and updates. A patching discipline is critical to your security and technology operations to ensure that systems aren’t exploited. In fact, according to the Sophos research, unpatched vulnerabilities were the most common root cause of attackers gaining initial access into systems.
- Manage digital identities. Organizations can better manage data access by implementing strong identity and access management (IAM) and enforcing least privilege, which the National Institute of Standards and Technology (NIST) defines as the principle that a security architecture should grant each entity the minimum system resources and authorizations that the entity needs to perform its function.
- Use virtual data rooms (VDRs) to transmit and share confidential documents with external parties. Organizations need advanced security embedded at every level, especially when managing and sharing sensitive information such as company data, personally identifiable information (PII), contracts, and government filings. DFIN’s Venue, a secure and intuitive VDR platform, has the highest levels of infrastructure security, including multi-factor authentication, 256-bit encryption, virus/malware scanning, dynamic watermarking, and secure information rights management (IRM), which lets Venue users provision permissions for precisely who can see what. Venue meets stringent auditing and reporting compliance requirements, including SOC 2 Type II auditing and reporting and ISO/IEC 27001:2013 compliance.
- Use multi-factor authentication and strong passwords to prevent unauthorized access to data. These measures add an additional layer of security, making it more difficult for hackers to gain access to sensitive information. Strong passwords are typically longer, more complex, and harder to guess or crack, while multi-factor authentication requires users to provide additional forms of verification such as a fingerprint, a security token, or a text message code, which significantly reduces the risk of unauthorized access even if a password is compromised.
- Train employees on how to recognize and avoid phishing and other social engineering tactics. Email filters aren’t perfect, and malicious messages can make it through to users’ inboxes. Implementing a security awareness program that constantly challenges and educates your employee base will help keep them better prepared to respond appropriately to a variety of threats that they might face. Here are measures organizations can implement internally to help guard against phishing.
- Conduct regular vulnerability assessments and penetration testing to identify and address weaknesses. These exercises evaluate an organization's network, systems, and applications to identify potential security weaknesses, simulate real-world attacks, and provide actionable recommendations to address these vulnerabilities before they can be exploited by malicious actors.
- Deploy robust anti-malware endpoint detection and response software and ensure that it is kept up to date. This helps provide real-time data protection by identifying and blocking malicious software such as viruses, worms, and spyware before they can infect a system or steal sensitive information.
- Consider implementing network segmentation to limit the spread of ransomware if it infects one system. Dividing a network into smaller subnetworks or segments, each with its own security controls and access policies, can prevent the ransomware from moving laterally and infecting other systems and critical assets. This can also reduce the impact and scope of a potential ransomware attack, making it easier to isolate and contain the infection.
- Research the latest security tools. Tools such as endpoint protection with strong anti-exploit capabilities, Zero Trust Network Access (ZTNA) solutions that help thwart the abuse of compromised credentials, and adaptive technologies that respond automatically to attacks can all help boost your security. Consider implementing technologies that leverage artificial intelligence (AI) and machine learning (ML) to minimize ransomware attacks. By analyzing patterns and behaviors, AI and ML algorithms can enable faster threat detection and block threats from entering a network.
- Implement a disaster recovery plan to ensure that business operations can continue in the event of a ransomware attack. Related to this, have an incident response plan in place that outlines the steps to take in the event of a ransomware attack, including who to contact and how to communicate with stakeholders. In a recent Dark Reading article on lessons learned from a ransomware attack, Bridgestone Americas’ CISO, Tom Corridon, said, “designate key decision-makers for handling such crises before they happen” and “the executives in charge of making critical decisions during a ransomware attack need to be comfortable making them without a lot of data.”
In addition to the above security strategies, understanding your regulatory and legal data obligations remains critical, especially as U.S. and global data regulations and laws continue to expand and evolve. Companies in regulated industries have that much more reason to improve their security posture, prioritize data protection, and identify and mitigate potential data risks and vulnerabilities.
ReliaQuest goes on to caution that the Clop ransomware group is expected to continue its malicious activities and that no vertical industry is safe from the threats it and other groups pose. Whichever industry you’re in, unless you have taken the steps above, you should assume that cybercriminals can access your data. Right now is the perfect time to up your organization’s security game.