Reading Time: 6 minutes How Do You Prevent Ransomware Attacks Before They Strike?
Superman has his Fortress of Solitude. Batman has the Batcave. Even Doctor Strange has the undetectable Sanctum Sanctorum. With cybercriminals roaming today’s digital landscapes, you can’t help but start looking for a data stronghold that will fend off the worst of the worst - ransomware.
When ransomware strikes, your entire company's future depends on what you can recover and how quickly you can recover it. This is not hyperbole.
According to the National Archives & Records Administration in Washington, 93% of companies that lost their data center for more than ten days were bankrupt within one year of the disaster. Half of those companies filed for bankruptcy immediately.
Your company lives and dies by its ability to access, protect and utilize its data. But while it’s helpful to understand the threat, it’s far more critical to put construct a digital fortress that will protect your data around the clock.
It’s the difference between prevention and mitigation, and it’s the only way to ensure you’ll never have to make that difficult decision of paying out millions in cryptocurrency to a shadowy basement villain or kissing your data (and your business) goodbye forever.
To get ahead, it’s critical to understand the landscape of today’s ransomware attacks and the most common solutions, as well as how bat365 can help detect and neutralize inevitable attacks.
The Cybersecurity Landscape: The Rise of Ransomware
The US Government’s Cybersecurity & Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC) classify ransomware as malware “designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption.”
Cybercriminals don’t discriminate between mission-critical services and life-saving infrastructure. They go for targets of opportunity — those likely to pay the ransom. In fact, many bad actors now layer extortion on top of data loss by threatening to release stolen data publicly if their demands are not met. CISA says they’ve even begun to move laterally across networks to propagate their evil viruses more effectively. Then, they target system backups for deletion, making restoration and recovery even more difficult, if not impossible. They want you at their mercy, with no option but to pay them millions.
Criminals are nothing if not resilient within their domain. They migrate and shift as the shadows move — PayPal ransoms are replaced by Bitcoin. Discounts are negotiable. Data might be released, but they’ve likely made a copy for themselves that they’ll exploit for additional profits. Some are even explicitly targeting healthcare systems in the wake of COVID-19 because of the heightened concerns everyday citizens have about their access to care.
If you spend a few minutes scrolling through the SonicWall Capture Lab’s reports on the threat landscape, you’ll discover that it’s evolving rapidly — and not in your favor. Consider the following examples:
Ransomware-as-a-Service (RaaS) developers, such as DarkSide, boost the number of bad actors by lowering the bar of technological know-how and sharing the ill-gotten gains with “affiliates.” Some even focus on “big game hunting,” attacks on large, public, well-endowed organizations that they know can afford to pay. (Ostensibly, this is also some kind of noble gesture in deference to the hospitals, schools, non-profits, and government services other less scrupulous villains target. But it’s still just a digital gun to your data’s head.)
Then there are also “designer” ransomwares, such as Fin7’s Black Basta virus, which stole $1B from over 90 organizations in just six months.
Of course, there’s AtomSilo, which encrypts your files, obtains sensitive information (like employee personal information), and then offers a 48-hour window for a $500,000 ransom, which soon doubles to $1 million without payment. Then, if the ransom still isn’t paid, victims receive a threat that all private data will be made public.
The Chess Match: Common Solutions & Evolutions
This cat-and-mouse game of vulnerability management may, at first, seem like something you can win with the right talent, state-of-the-art detection and response systems, and rigorous security policies and procedures.
No matter the approach, cybercrime experts, including CISA, the MS-ISAC, and the FBI, all agree on one piece of advice: DON’T PAY THE RANSOM. Sending cryptocurrency to some dark web dweeb doesn’t guarantee anything. It doesn’t ensure your data will be decrypted and doesn’t magically protect data from being compromised when and if it’s returned.
These federal law enforcement agencies instead offer numerous IT best practices that will help mitigate the risk of ransomware getting to your data. It starts with understanding the most common attack vectors:
Internet-facing vulnerabilities and misconfigurations like web browsers and plug-ins, unused ports and protocols like Remote Desktop Protocol [RDP] or Transmission Control Protocol [TCP] Port 3389 or TCP port 445, outdated versions of Server Message Block like v1 or v2, and literally any unpatched or un-updated software or OS.
Phishing via spoofed or modified emails from valid domains, social engineering, and macro scripts in embedded Microsoft Office files
Precursor malware infections like TrickBot, Dridex, or Emotet leverage command and control activity to infiltrate your network and often drop ransomware only as a cover for other even more nefarious misdeeds within a system
Third parties like Managed Service Providers, that store your organization’s backups and are liable to infiltration or spoofing even spoofed via compromised email accounts.
That’s a lot of potential pathways into a system. For maximum protection, you’ve got to cover every entrance simultaneously. Here are the gold standards of ransomware mitigation that you can use to defend these myriad layers of exposure:
Make all the necessary software updates sooner than later. This includes operating systems, applications, firmware, etc.
Require multi-factor authentication for network access of any kind.
Leverage account-based security policies to control access at a granular level.
Be vigilant. Never stop monitoring your systems.
In other words, vigilance and dedication are your greatest tools in your anti-Ransomware arsenal.
Your IT team must be relentless in policing the dumb human behaviors that make phishing and social engineering such honeypots of digital demise. Your segmentation and compartmentalization must be airtight to keep the ship from sinking when the hull is breached.
Ransomware is even a threat to Operational Technology (OT) assets and control systems, extending the territory you have to defend even further and requiring you to cover more possible paths from deadly digital attacks.
That’s a heavy load to carry. Your backups must be spotless. Your reaction time, honed to the thousandth of a second. You can’t afford to miss, not even once. Cybercriminals, on the other hand, only have to get lucky once, no matter how many attempts it takes to find a chink in your armor. Unfortunately, the odds are never in your favor.
There’s got to be something better than offline, encrypted backups stored each night inside a bank vault with retinal scan access. In all seriousness, relying on hardware backups to protect the integrity of the data that is the very lifeblood of your business is not preventative at all.
What you need is a way to stop ransomware from having any power over your system whatsoever. End the threat before it touches your system, and you win.
Shift the balance of power in the fight against ransomware.
The Unexpected Answer: Moving Beyond Mitigation
Automated resilience. These two words solve ransomware prevention in today’s threat landscape. Due to CloudFS' back-end immutability, bat365 ensures that all files in a deployment are effectively immune to ransomware. In the event of an attack, bat365 simply restores your files to an uninfected version and marks the impacted files as “read-only.” Then, your antivirus tools can detect and remove them with ease.
bat365’s approach to cybersecurity doesn’t seek to stop all ransomware attacks, because they will happen. Instead, we focus on recovering from the infection with zero data loss. This kind of immutable security ensures that your data is accessible from edge to core to cloud without performance penalties, all while keeping it invulnerable to loss.
We provide resilient data architecture that offers built-in protection against accidental data deletion or damage, whether that’s due to malware, ransomware, or a peeved employee. The “Write Once, Read Many” format we use for object storage is truly immutable, meaning the data cannot be changed. New files or data created by file edits are stored as new, affiliated data blocks. Nothing is ever overwritten.
Frequent system snapshots capture every location in the CloudFS, allowing you to seamlessly restore any file to any point in time. And again, because they’re read-only, they cannot be changed once captured. They simply can’t be compromised. bat365 is fundamentally resistant to Ransomware. While no single solution can prevent attacks or defending every pathway. bat365 ensures that your data stays in your hands. We changed the rules of the game using cloud object storage, and no amount of phishing or neglected ports or outdated software patches will give the cybervillains leverage over your data. With over 34 patents (and counting), our approach is truly unique.
Ransomware is going to continue to evolve. As AI-powered threat detection systems improve their ability to monitor the countless attack vectors beyond the capabilities of even the most advanced IT team, the dark genuises driving these data hostage situations will find new ways to infiltrate, corrupt, and capture your data. The only solution they can’t penetrate is one that doesn’t play their game.
Immutable data is the answer to ransomware. And it’s the only way to guarantee that you won’t ever have to agonize over whether or not you should pay the ransom.