When it comes to ransomware, it’s a matter of when, not if.

The data tells the tale. Both the volume and types of ransomware attacks are on the rise. Plus, attackers aren’t just after enterprises. They now target businesses of all shapes and sizes. That way, they increase their chances of breaching security perimeters and convincing businesses to pay up.

But it’s not all bad news. With the right approach, businesses can largely avoid the damage and downtime from these attacks. The answer? Adopting an active recovery strategy that views both attacks and response as ongoing. That way, enterprises can mitigate the impact of these attacks and reduce their total severity.

Here’s a look at the current realities of ransom attacks, and five steps to help put active ransomware recovery first.

The state of ransomware

Recent research shows a 1,070% increase in ransomware attacks between June 2020 and July 2021. According to the IBM X-Force definitive guide to ransomware, the variety of these attacks is rapidly increasing. Some can target over 150 file types. The list is constantly expanding as attackers look for new openings.

Attackers are also changing their approach to leverage current conditions and compel quick action. For example, early 2021 saw a rise in COVID-19 vaccine-related ransomware attacks. The recent Colonial Pipeline breach caused a suspension of operations.

The harsh truths of ransomware often leave IT teams feeling frustrated. If attacks are bound to happen and attackers are always evolving their methods, it’s tempting for people to give up. Enterprises resign themselves to responsive frameworks. They try to avoid the brunt of the impact rather than minimize the damage.

Taking action with active ransomware recovery

Ransomware is much like home break-ins. If attackers are determined enough, they’ll find a way. But this doesn’t mean that homeowners should simply resign themselves to break-ins. Instead, there are active steps they can take to reduce the chances of being targeted. Even if bad actors decide it’s worth the risk, cameras and alarm systems can minimize the impact.

The same approach applies to ransomware recovery. You can’t prevent every breach and account for every new attack vector. But it’s possible to deter most attacks and mitigate the impact of those that get through by taking preemptive, protective steps.

Here are five ways to empower an active ransomware recovery strategy.

Adopt zero trust

Zero trust models leverage a ‘never trust, always verify’ approach to reduce ransomware risk. For example, you might require all users to verify who they are using tools such as multifactor authentication or via behavioral pattern analysis. That way, enterprises can limit the number of viable attack approaches open to attackers. Since ransomware payloads require system access to be deployed, narrowing the parameters for permission makes this occurrence far less likely.

Build in robust backups

Backups offer a proven way to access data in the event of loss, corruption or service interruption. In addition, cloud-based backup solutions are becoming faster and more reliable. Therefore, they can also play a role in active ransomware recovery. It’s important to create secure, geographically disparate backups. That way, enterprises can ensure that even if they’re unable to remove ransomware encryption or attackers go back on promises to deliver decryption keys, their most important data remains accessible on-demand.

Address emerging trends in ransomware

Attackers have the advantage when it comes to designing new threat vectors. After all, casing corporate systems lets them build new frameworks better designed to circumvent current protections. Consider the recent rise of Yanluowang ransomware, a double extortion attack that both encrypts stolen data and threatens to leak it to the public. Using a mix of open-source and legitimate tools, Yanluowang is quickly becoming a ransomware type of concern.

Security tools, meanwhile, often remain static. That’s even more likely if they’re part of legacy systems with limited interoperability. Here, solutions such as secure access service edge offer a way to deliver agile, cloud-based security across large-scale network environments. That, in turn, can help companies stay ahead of the curve.

Create an IR framework

When attacks do happen, end-to-end incident response (IR) frameworks can reduce the time required to find out what’s happened, pinpoint problem locations and fix threats. However, 63% of C-suite executives surveyed and 67% of small businesses asked said they didn’t have a response plan in place.

Here, the active recovery goal is speed. You can achieve it by creating IR teams for this specific purpose, drawn from your IT staff. Each of them should have specific tasks to complete in the event of an attack. It’s also good to have backup employees in case primary team members can’t come in. Paired with regular practice that puts response speed and accuracy first, teams can refine processes until they’re largely muscle memory. That, in turn, cuts down on the impact of potential panic that often sets in when teams detect ransomware attacks. Data bears out the benefits of these plans: Companies with tested IR plans spent $3.29 million repairing breaches, while those without plans in place spent $5.29 million.

Put people first

People — including staff, stakeholders and customers — are the ones affected by ransomware in the end. As a result, active recovery plans must put accessibility of data and reliability of services first, even during a ransomware attack.

In practice, this means using new tools. Those might be AI-driven threat detection or next-generation firewalls. Today’s firewalls are capable of assessing and analyzing threats in real-time while still allowing trusted users to access critical data. In effect, active recovery means keeping the lights on whenever possible — even when ransomware attacks occur. It does so by creating logically segmented networks equipped with real-time security and monitoring controls.

Embracing active ransomware recovery

Ransomware attackers want victims to have to play catch-up when attacks occur. To fight back, use an active ransomware recovery strategy. Include zero trust, robust backups, attention to emerging trends and IR frameworks, and put your people on the front line. That way, it’s possible for enterprises to minimize downtime, mitigate damage and make malicious actors’ work much more difficult.
