Light Dark
July 30, 2018 By Kacy Zurkus 3 min read
Data Protection
Incident Response

Without a ransomware recovery strategy, companies sometimes end up paying to retrieve their data after an attack. At the same time, threat actors are growing more sophisticated in their ability to bypass both antivirus and anti-ransomware tools — thus, they’re also growing bolder. To stay ahead of the curve, organizations will need to develop more complete defense systems and recovery plans.

Putting Prevention First

Recent research from the Ponemon Institute found that the majority of responding companies (69 percent) don’t trust antivirus solutions to stop threats, while CIO Dive revealed that 81 percent of cybersecurity experts predict an increase in ransomware attacks in 2018. Furthermore, human error only increases the potential of a successful ransomware attack. So it’s up to security practitioners to take steps to prevent an incident, and the first of those steps should be to focus on IT hygiene, said Christopher Scott, CTO, global remediation lead, IBM X-Force IRIS.

“IT departments should focus on keeping endpoints up to date to reduce the attack surface for ransomware attacks,” Scott advises. “Security groups should look to embrace endpoint detection and response (EDR) technology to detect these attacks earlier to reduce the overall impact.”

Once they have taken the time to fully examine and improve their IT hygiene, companies can start preparing for a ransomware attack. According to Bruno Carrier, IT security strategist at BoldCloud, a layered defense strategy is the best guard. Carrier suggests that a strong defense against ransomware should include:

  • Antivirus or anti-malware solutions that are active and up to date;
  • Anti-data encryptors, which can prevent malware from locking your data access;
  • Anti-spam, which is an essential tool for reducing a business’s exposure to email-borne threats such as suspicious links, malicious downloads, malware-laden websites, etc.;
  • Backup storage for your files, whether cloud-based or on-site, including a full disk image with all installed programs ready to be restored; and
  • Awareness and security training to help employees recognize what types of emails to avoid and which links are safe to visit.

Ransomware Recovery Without the Ransom

Last month, researchers at Cisco Talos revealed a weakness in the Thanatos ransomware code, making it possible for victims to unlock encrypted files without paying a ransom. ThanatosDecryptor is a free ransomware decryption tool available on GitHub.

Despite these available technologies, companies that have decryptors in place prior to an attack will likely face an uphill battle afterward; forensics and data recovery companies can provide additional assistance to those who need it. Even so, the threats are evolving, which is why antivirus and anti-data encryptor solutions are so important.

“The ransomware problem is truly a problem where prevention is far more effective than a treat-the-symptoms approach,” Carrier says.

In other words, companies shouldn’t get into the habit of waiting for researchers to reverse-engineer decryptor tools for every ransomware strain. The key to recovering from ransomware, without paying the ransom, is having a solid data backup strategy. “Backup systems should be isolated in ways that prevent attackers from encrypting data within this system,” Scott explains.

“A good rule of thumb is configuring backup accounts to be able to access production systems for reading data to back up, while preventing production accounts from having write access of any type to the backup. We have seen cases where the Domain Admin is compromised and is able to encrypt the backups, resulting in difficult and expensive recovery processes.”

Be Prepared — Get Everyone Involved

Many ransomware attacks occur through spear phishing, which brings us back to the people problem. “Companies need to continue to focus on end user education,” Scott says. “In addition to preparing users, companies should be focusing on reducing the attack surface, gaining more visibility into activity and securing the backup systems.”

IBM conducts cyber resiliency workshops to focus on these types of attacks as well as more targeted attackers. “Ransomware attacks are a highly coordinated ‘business,’ which is so developed that what was once acceptable security — like AV/AM/firewall — won’t be enough in today’s threat landscape. You need to do what is expected and then more,” says Carrier.

Listen to the podcast: What’s the Best Defense Against Cyberattacks? You Are

 |  |  |  | 
Kacy Zurkus

More from Data Protection
November 2, 2023

Defense in depth: Layering your security coverage

2 min read - The more valuable a possession, the more steps you take to protect it. A home, for example, is protected by the lock systems on doors and windows, but the valuable or sensitive items that a criminal might steal are stored with even more security — in a locked filing cabinet or a safe. This provides layers of protection for the things you really don’t want a thief to get their hands on. You tailor each item’s protection accordingly, depending on…

November 1, 2023

What is data security posture management?

3 min read - Do you know where all your organization’s data resides across your hybrid cloud environment? Is it appropriately protected? How sure are you? 30%? 50%? It may not be enough. The Cost of a Data Breach Report 2023 revealed that 82% of breaches involved data in the cloud, and 39% of breached data was stored across multiple types of environments. If you have any doubt, your enterprise should consider acquiring a data security posture management (DSPM) solution. With the global average…

October 25, 2023

Cost of a data breach: The evolving role of law enforcement

4 min read - If someone broke into your company’s office to steal your valuable assets, your first step would be to contact law enforcement. But would your reaction be the same if someone broke into your company’s network and accessed your most valuable assets through a data breach? A decade ago, when smartphones were still relatively new and most people were still coming to understand the value of data both corporate-wide and personally, there was little incentive to report cyber crime. It was…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature