The Chicago Journal

Your Gateway to the Heartbeat of Chicago

Ransomware Response and Recovery: Tips from a Security Expert

Sourced photo

Ransomware was once a little-known, consumer-based annoyance, but it has evolved into full-blown terrorist-style attacks on large enterprises, critical infrastructure, and entire industries. As the number of ransomware attacks has grown, so has the level of sophistication and the demand amount. Ransomware has hit every sector, but financial institutions, manufacturers, and healthcare are frequent targets. Any company that uses the internet is susceptible, so your business could be a target unless you’re living in Amish country and using manual tools in every aspect of your company.

Here are some sobering statistics.

Ransomware has become cybercrime’s most robust business, with some threat actors offering Ransomware as a Service (RaaS) to buyers on the dark web. It has overtaken legacy cybercrime strategies like banking trojans, phishing, and distributed denial-of-service (DDoS), although those methods can be the entry point. 

Ransomware is a global issue, with targets in almost every nation; however, EU countries and the United States get hit most often. Ransomware can be formidably expensive. For instance, UCSF paid $1.14 million to the Circus Spider faction when they released the Netwalker ransomware into their system. Brenntag and Colonial Pipeline paid out $4.4 million to Darkside, and CWT Global shelled out $4.5 million to a team of hackers known only as Ragnar Locker.

The Need for Resilience 

With the number of ransomware attacks rising, prevention and mitigation must be every company’s priority. While employee error is a main gateway, clever threat actors have found new ways to disrupt trusted software providers, cloud infrastructure, and web browsers. Employee education is helpful, but it isn’t enough.

According to Tony UcedaVélez, CEO and founder of global cybersecurity firm VerSprite, “The way into most organizations is through different types of technology. They’re not going through the front door or even the back door anymore. They’re looking for the Trojan horse. That’s related to what types of technology, software, hardware, and services are embedded within the company. It’s called a supply chain attack, and most companies aren’t prepared for it.” 

Cybersecurity needs to be built into the company’s ecosystem as much as your company’s culture and values.

Your company’s resilience and ability to recover from a ransomware attack are crucial. It’s a simple process, but unfortunately, it’s one that most companies fail to implement. Ransomware attacks have been successful simply because most businesses do not have a proper disaster recovery (DR) plan. 

What Can You Do? Manage Threats with Intention

Ransomware involves sequential, small attacks on information assets that eventually lead to data encryption. Therefore, understanding your attack surface is imperative. It will help your organization understand a data compromise’s potential impact. Then you can prioritize mitigation based on your risk appetite.

Tony states that configuration management, endpoint detection, and response solutions are the optimal ways to mitigate risks. He says, “Secure your business with intention, which means understanding the risk appetite of your company and the threat landscape of your industry. Set up security where the risk is most relevant. You don’t need all the bells and whistles many companies try to scare you into wasting money on.”

Tony and his team have laid out a common-sense plan to not only prepare for attacks but how to recover if the worst happens.

  1. Conduct comprehensive, ongoing audits of the entire tech stack and address and remediate any areas of weakness. It’s a good idea to have an immutable or air-gapped data repository, as well.
  2. Meaningful, frequent attack simulation exercises, such as Red Teaming, to test the effectiveness of an organization’s technology, processes, and people. This will help you identify gaps, mitigate vulnerabilities, and gather insight to guide future security efforts.
  3. Mandatory staff security awareness training that employs relevant real-life examples on both company and personal devices. End users are the first line of defense, so employee education must be a crucial part of your prevention efforts.
  4. The movement toward a Zero Trust model across the entire enterprise.
  5. Employing Extended Detection and Response (XDR) as part of a coordinated technology response to a threat across access endpoints, networks, communications, and storage.

VerSprite uses its PASTA (Process for Attack Simulation and Threat Analysis) methodology to help companies proactively prepare for a malicious attack. It is a customized threat model that evaluates the risks, threats, and vulnerabilities of your organization. Then it identifies the likelihood of those threats compromising your business. Threat modeling can assess your ability to prevent and respond to those threats.

VerSprite’s team can help you minimize and prevent operational downtime and data loss, so you never have to pay a ransom.

VerSprite’s Threat Intelligence Group provides organizations with real-time threat monitoring, analysis, prevention recommendations, and mitigation. Our elite team works with companies across all industries and security maturity levels to defend against threats. For more information on Versprite’s Threat Intel Group, contact one of our security advisers today.

Share this article


This article features branded content from a third party. Opinions in this article do not reflect the opinions and beliefs of The Chicago Journal.