When it comes to ransomware, it’s a matter of when not if.

The data tells the tale. Both the volume and types of ransomware attacks are on the rise. Plus, attackers aren’t just after enterprises. They now target businesses of all shapes and sizes. That way, they increase their chances of breaching security perimeters and convincing businesses to pay up.

But it’s not all bad news. With the right approach, businesses can largely avoid the damage and downtime from these attacks. The answer? Adopting an active recovery strategy that views both attacks and response as ongoing. That way, enterprises can mitigate the impact of these attacks and reduce their total severity.

Here’s a look at the current realities of ransom attacks, and five steps to help put active ransomware recovery first.

The State of Ransomware

Recent research shows a 1,070% increase in ransomware attacks between June 2020 and July 2021. According to the IBM X-Force definitive guide to ransomware, the variety of these attacks is rapidly increasing. Some can target over 150 file types. The list is constantly expanding as attackers look for new openings.

Attackers are also changing their approach to leverage current conditions and compel quick action. For example, early 2021 saw a rise in COVID-19 vaccine-related ransomware attacks. The recent Colonial Pipeline breach caused a suspension of operations.

The harsh truths of ransomware often leave IT teams feeling frustrated. If attacks are bound to happen and attackers are always evolving their methods, it’s tempting for people to give up. Enterprises resign themselves to responsive frameworks. They try to avoid the brunt of the impact rather than minimize the damage.

Taking Action With Active Ransomware Recovery

Ransomware is much like home break-ins. If attackers are determined enough, they’ll find a way. But this doesn’t mean that homeowners should simply resign themselves to break-ins. Instead, there are active steps they can take to reduce the chances of being targeted. Even if bad actors decide it’s worth the risk, cameras and alarm systems can minimize the impact.

The same approach applies to ransomware recovery. You can’t prevent every breach and account for every new attack vector. But, it’s possible to deter most attacks and mitigate the impact of those that get through by taking preemptive, protective steps.

Here are five ways to empower an active ransomware recovery strategy.

Adopt Zero Trust

Zero trust models leverage a ‘never trust, always verify’ approach to reduce ransomware risk. For example, you might require all users to verify who they are using tools such as multifactor authentication or via behavioral pattern analysis. That way, enterprises can limit the number of viable attack approaches open to attackers. Since ransomware payloads require system access to be deployed, narrowing the parameters for permission makes this occurrence far less likely.

Build In Robust Backups

Backups offer a proven way to access data in the event of loss, corruption or service interruption. In addition, cloud-based backup solutions are becoming faster and more reliable. Therefore, they can also play a role in active ransomware recovery. It’s important to create secure, geographically disparate backups. That way, enterprises can ensure that even if they’re unable to remove ransomware encryption or attackers go back on promises to deliver decryption keys, their most important data remains accessible on-demand.

Address Emerging Trends in Ransomware

Attackers have the advantage when it comes to designing new threat vectors. After all, casing corporate systems lets them build new frameworks better designed to circumvent current protections. Consider the recent rise of Yanluowang ransomware, a double extortion attack that both encrypts stolen data and threatens to leak it to the public. Using a mix of open source and honest tools, Yanluowang is quickly becoming a ransomware-type of concern.

Security tools, meanwhile, often remain static. That’s even more likely if they’re part of legacy systems with limited interoperability. Here, solutions such as secure access service edge offer a way to deliver agile, cloud-based security across large-scale network environments. That, in turn, can help companies stay ahead of the curve.

Create an IR Framework

When attacks do happen, end-to-end incident response (IR) frameworks can reduce the time required to find out what’s happened, pinpoint problem locations and fix threats. However, 63% of C-suite executives surveyed and 67% of small businesses asked said they didn’t have a response plan in place.

Here, the active recovery goal is speed. You can achieve it by creating IR teams for this specific purpose, drawn from your IT staff. Each of them should have specific tasks to complete in the event of an attack. It’s also good to have backup employees in case primary team members can’t come in. Paired with regular practice that puts response speed and accuracy first, teams can refine processes until they’re largely muscle memory. That, in turn, cuts down on the impact of potential panic that often sets in when teams detect ransomware attacks. Data bears out the benefits of these plans: Companies with tested IR plans spent $3.29 million repairing breaches, while those without plans in place spent $5.29 million.

Put People First

People — including staff, stakeholders and customers — are the ones affected by ransomware in the end. As a result, active recovery plans must put accessibility of data and reliability of services first, even during a ransomware attack.

In practice, this means using new tools. Those might be AI-driven threat detection or next-generation firewalls. Today’s firewalls are capable of assessing and analyzing threats in real-time while still allowing trusted users to access critical data. In effect, active recovery means keeping the lights on whenever possible — even when ransomware attacks occur. It does so by creating logically segmented networks equipped with real-time security and monitoring controls.

Embracing Active Ransomware Recovery

Ransomware attackers want victims to have to play catch-up when attacks occur. To fight back, use an active ransomware recovery strategy. Include zero trust, robust backups, emerging trends and IR frameworks and put your people on the front line. That way, it’s possible for enterprises to minimize downtime, mitigate damage and make malicious actors’ work much more difficult.

More from Data Protection

Beyond Requirements: Tapping the Business Potential of Data Governance and Security

3 min read - Doom and gloom. Fear, uncertainty and doubt. The "stick" versus the "carrot". What do these concepts have in common? They have often provided the primary motivation for organizations’ data governance and security strategies. For the enterprise, this mindset has perpetuated the idea that data governance, data security and data privacy are reactive cost centers existing due to externally imposed requirements or mandates.Yet, what if data governance and security practices could upend the prevailing paradigm and demonstrate direct business value?[button link="https://community.ibm.com/community/user/security/events/event-description?CalendarEventKey=8d7fdc61-97bf-43b0-b7d6-018756e436a6&CommunityKey=aa1a6549-4b51-421a-9c67-6dd41e65ef85&Home=%2fcommunity%2fuser%2fsecurity%2fcommunities%2fcommunity-home%2frecent-community-events"…

3 min read

Heads Up CEO! Cyber Risk Influences Company Credit Ratings

4 min read - More than ever, cybersecurity strategy is a core part of business strategy. For example, a company’s cyber risk can directly impact its credit rating. Credit rating agencies continuously strive to gain a better understanding of the risks that companies face. Today, those agencies increasingly incorporate cybersecurity into their credit assessments. This allows agencies to evaluate a company’s capacity to repay borrowed funds by factoring in the risk of cyberattacks. Getting Hacked Impacts Credit Scoring As per the Wall Street Journal…

4 min read

IBM Security Guardium Ranked as a Leader in the Data Security Platforms Market

3 min read - KuppingerCole named IBM Security Guardium as an overall leader in their Leadership Compass on Data Security Platforms. IBM was ranked as a leader in all three major categories: Product, Innovation, and Market. With this in mind, let’s examine how KuppingerCole measures today’s solutions and why it’s important for you to have a data security platform that you trust. The Transformation of the Data Security Industry As digital transformation continues to expand, the impact it has had on enterprises is very apparent when…

3 min read

SaaS vs. On-Prem Data Security: Which is Right for You?

2 min read - As businesses increasingly rely on digital data storage and communication, the need for effective data security solutions has become apparent. These solutions can help prevent unauthorized access to sensitive data, detect and respond to security threats and ensure compliance with relevant regulations and standards. However, not all data security solutions are created equal. Are you choosing the right solution for your organization? That answer depends on various factors, such as your industry, size and specific security needs. SaaS vs. On-Premises…

2 min read