Without a ransomware recovery strategy, companies sometimes end up paying to retrieve their data after an attack. At the same time, threat actors are growing more sophisticated in their ability to bypass both antivirus and anti-ransomware tools — thus, they’re also growing bolder. To stay ahead of the curve, organizations will need to develop more complete defense systems and recovery plans.

Putting Prevention First

Recent research from the Ponemon Institute found that the majority of responding companies (69 percent) don’t trust antivirus solutions to stop threats, while CIO Dive revealed that 81 percent of cybersecurity experts predict an increase in ransomware attacks in 2018. Furthermore, human error only increases the potential of a successful ransomware attack. So it’s up to security practitioners to take steps to prevent an incident, and the first of those steps should be to focus on IT hygiene, said Christopher Scott, CTO, global remediation lead, IBM X-Force IRIS.

“IT departments should focus on keeping endpoints up to date to reduce the attack surface for ransomware attacks,” Scott advises. “Security groups should look to embrace endpoint detection and response (EDR) technology to detect these attacks earlier to reduce the overall impact.”

Once they have taken the time to fully examine and improve their IT hygiene, companies can start preparing for a ransomware attack. According to Bruno Carrier, IT security strategist at BoldCloud, a layered defense strategy is the best guard. Carrier suggests that a strong defense against ransomware should include:

  • Antivirus or anti-malware solutions that are active and up to date;
  • Anti-data encryptors, which can prevent malware from locking your data access;
  • Anti-spam, which is an essential tool for reducing a business’s exposure to email-borne threats such as suspicious links, malicious downloads, malware-laden websites, etc.;
  • Backup storage for your files, whether cloud-based or on-site, including a full disk image with all installed programs ready to be restored; and
  • Awareness and security training to help employees recognize what types of emails to avoid and which links are safe to visit.

Ransomware Recovery Without the Ransom

Last month, researchers at Cisco Talos revealed a weakness in the Thanatos ransomware code, making it possible for victims to unlock encrypted files without paying a ransom. ThanatosDecryptor is a free ransomware decryption tool available on GitHub.

Despite these available technologies, companies that have decryptors in place prior to an attack will likely face an uphill battle afterward; forensics and data recovery companies can provide additional assistance to those who need it. Even so, the threats are evolving, which is why antivirus and anti-data encryptor solutions are so important.

“The ransomware problem is truly a problem where prevention is far more effective than a treat-the-symptoms approach,” Carrier says.

In other words, companies shouldn’t get into the habit of waiting for researchers to reverse-engineer decryptor tools for every ransomware strain. The key to recovering from ransomware, without paying the ransom, is having a solid data backup strategy. “Backup systems should be isolated in ways that prevent attackers from encrypting data within this system,” Scott explains.

“A good rule of thumb is configuring backup accounts to be able to access production systems for reading data to back up, while preventing production accounts from having write access of any type to the backup. We have seen cases where the Domain Admin is compromised and is able to encrypt the backups, resulting in difficult and expensive recovery processes.”

Be Prepared — Get Everyone Involved

Many ransomware attacks occur through spear phishing, which brings us back to the people problem. “Companies need to continue to focus on end user education,” Scott says. “In addition to preparing users, companies should be focusing on reducing the attack surface, gaining more visibility into activity and securing the backup systems.”

IBM conducts cyber resiliency workshops to focus on these types of attacks as well as more targeted attackers. “Ransomware attacks are a highly coordinated ‘business,’ which is so developed that what was once acceptable security — like AV/AM/firewall — won’t be enough in today’s threat landscape. You need to do what is expected and then more,” says Carrier.

Listen to the podcast: What’s the Best Defense Against Cyberattacks? You Are

More from Data Protection

Cost of a data breach: Cost savings with law enforcement involvement

3 min read - For those working in the information security and cybersecurity industries, the technical impacts of a data breach are generally understood. But for those outside of these technical functions, such as executives, operators and business support functions, “explaining” the real impact of a breach can be difficult. Therefore, explaining impacts in terms of quantifiable financial figures and other simple metrics creates a relatively level playing field for most stakeholders, including law enforcement.IBM’s 2024 Cost of a Data Breach (“CODB”) Report helps…

Cost of data breaches: The business case for security AI and automation

3 min read - As Yogi Berra said, “It’s déjà vu all over again.” If the idea of the global average costs of data breaches rising year over year feels like more of the same, that's because it is. Data protection solutions get better, but so do threat actors. The other broken record is the underuse or misuse of technologies that can help safeguard data, such as artificial intelligence and automation.IBM’s 2024 Cost of a Data Breach (CODB) Report studied 604 organizations across 17…

Cost of a data breach: The industrial sector

2 min read - Industrial organizations recently received a report card on their performance regarding data breach costs. And there’s plenty of room for improvement.According to the 2024 IBM Cost of a Data Breach (CODB) report, the average total cost of a data breach in the industrial sector was $5.56 million. This reflects an 18% increase for the sector compared to 2023.These figures place the industrial sector in third place for breach costs among the 17 industries studied. On average, data breaches cost industrial…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today