January 27, 2022 By Douglas Bonderud

When it comes to ransomware, it’s a matter of when, not if.

The data tells the tale. Both the volume and types of ransomware attacks are on the rise. Plus, attackers aren’t just after enterprises. They now target businesses of all shapes and sizes. That way, they increase their chances of breaching security perimeters and convincing businesses to pay up.

But it’s not all bad news. With the right approach, businesses can largely avoid the damage and downtime from these attacks. The answer? Adopting an active recovery strategy that views both attacks and response as ongoing. That way, enterprises can mitigate the impact of these attacks and reduce their total severity.

Here’s a look at the current realities of ransom attacks, and five steps to help put active ransomware recovery first.

The State of Ransomware

Recent research shows a 1,070% increase in ransomware attacks between June 2020 and July 2021. According to the IBM X-Force definitive guide to ransomware, the variety of these attacks is rapidly increasing. Some can target over 150 file types. The list is constantly expanding as attackers look for new openings.

Attackers are also changing their approach to leverage current conditions and compel quick action. For example, early 2021 saw a rise in COVID-19 vaccine-related ransomware attacks. The recent Colonial Pipeline breach caused a suspension of operations.

The harsh truths of ransomware often leave IT teams feeling frustrated. If attacks are bound to happen and attackers are always evolving their methods, it’s tempting for people to give up. Enterprises resign themselves to responsive frameworks. They try to avoid the brunt of the impact rather than minimize the damage.

Taking Action With Active Ransomware Recovery

Ransomware is much like home break-ins. If attackers are determined enough, they’ll find a way. But this doesn’t mean that homeowners should simply resign themselves to break-ins. Instead, there are active steps they can take to reduce the chances of being targeted. Even if bad actors decide it’s worth the risk, cameras and alarm systems can minimize the impact.

The same approach applies to ransomware recovery. You can’t prevent every breach and account for every new attack vector. But it’s possible to deter most attacks and mitigate the impact of those that get through by taking preemptive, protective steps.

Here are five ways to empower an active ransomware recovery strategy.

Adopt Zero Trust

Zero trust models leverage a ‘never trust, always verify’ approach to reduce ransomware risk. For example, you might require all users to verify who they are using tools such as multifactor authentication or via behavioral pattern analysis. That way, enterprises can limit the number of viable attack approaches open to attackers. Since ransomware payloads require system access to be deployed, narrowing the parameters for permission makes this occurrence far less likely.

Build In Robust Backups

Backups offer a proven way to access data in the event of loss, corruption or service interruption. In addition, cloud-based backup solutions are becoming faster and more reliable. Therefore, they can also play a role in active ransomware recovery. It’s important to create secure, geographically dispersed backups. That way, enterprises can ensure that even if they’re unable to remove ransomware encryption or attackers go back on promises to deliver decryption keys, their most important data remains accessible on demand.

Address Emerging Trends in Ransomware

Attackers have the advantage when it comes to designing new threat vectors. After all, casing corporate systems lets them build new frameworks better designed to circumvent current protections. Consider the recent rise of Yanluowang ransomware, a double extortion attack that both encrypts stolen data and threatens to leak it to the public. Using a mix of open source and legitimate tools, Yanluowang is quickly becoming a ransomware type of concern.

Security tools, meanwhile, often remain static. That’s even more likely if they’re part of legacy systems with limited interoperability. Here, solutions such as secure access service edge offer a way to deliver agile, cloud-based security across large-scale network environments. That, in turn, can help companies stay ahead of the curve.

Create an IR Framework

When attacks do happen, end-to-end incident response (IR) frameworks can reduce the time required to find out what’s happened, pinpoint problem locations and fix threats. However, 63% of C-suite executives surveyed and 67% of small businesses asked said they didn’t have a response plan in place.

Here, the active recovery goal is speed. You can achieve it by creating IR teams for this specific purpose, drawn from your IT staff. Each of them should have specific tasks to complete in the event of an attack. It’s also good to have backup employees in case primary team members can’t come in. Paired with regular practice that puts response speed and accuracy first, teams can refine processes until they’re largely muscle memory. That, in turn, cuts down on the impact of potential panic that often sets in when teams detect ransomware attacks. Data bears out the benefits of these plans: Companies with tested IR plans spent $3.29 million repairing breaches, while those without plans in place spent $5.29 million.

Put People First

People — including staff, stakeholders and customers — are the ones affected by ransomware in the end. As a result, active recovery plans must put accessibility of data and reliability of services first, even during a ransomware attack.

In practice, this means using new tools. Those might be AI-driven threat detection or next-generation firewalls. Today’s firewalls are capable of assessing and analyzing threats in real time while still allowing trusted users to access critical data. In effect, active recovery means keeping the lights on whenever possible, even when ransomware attacks occur. It does so by creating logically segmented networks equipped with real-time security and monitoring controls.

Embracing Active Ransomware Recovery

Ransomware attackers want victims to have to play catch-up when attacks occur. To fight back, use an active ransomware recovery strategy. Include zero trust, robust backups, attention to emerging trends and IR frameworks, and put your people on the front line. That way, it’s possible for enterprises to minimize downtime, mitigate damage and make malicious actors’ work much more difficult.
