Without a ransomware recovery strategy, companies sometimes end up paying to retrieve their data after an attack. At the same time, threat actors are growing more sophisticated in their ability to bypass both antivirus and anti-ransomware tools — thus, they’re also growing bolder. To stay ahead of the curve, organizations will need to develop more complete defense systems and recovery plans.

Putting Prevention First

Recent research from the Ponemon Institute found that the majority of responding companies (69 percent) don’t trust antivirus solutions to stop threats, while CIO Dive revealed that 81 percent of cybersecurity experts predict an increase in ransomware attacks in 2018. Furthermore, human error only increases the potential of a successful ransomware attack. So it’s up to security practitioners to take steps to prevent an incident, and the first of those steps should be to focus on IT hygiene, said Christopher Scott, CTO, global remediation lead, IBM X-Force IRIS.

“IT departments should focus on keeping endpoints up to date to reduce the attack surface for ransomware attacks,” Scott advises. “Security groups should look to embrace endpoint detection and response (EDR) technology to detect these attacks earlier to reduce the overall impact.”

Once they have taken the time to fully examine and improve their IT hygiene, companies can start preparing for a ransomware attack. According to Bruno Carrier, IT security strategist at BoldCloud, a layered defense strategy is the best guard. Carrier suggests that a strong defense against ransomware should include:

  • Antivirus or anti-malware solutions that are active and up to date;
  • Anti-data encryptors, which can prevent malware from locking your data access;
  • Anti-spam, which is an essential tool for reducing a business’s exposure to email-borne threats such as suspicious links, malicious downloads, malware-laden websites, etc.;
  • Backup storage for your files, whether cloud-based or on-site, including a full disk image with all installed programs ready to be restored; and
  • Awareness and security training to help employees recognize what types of emails to avoid and which links are safe to visit.

Ransomware Recovery Without the Ransom

Last month, researchers at Cisco Talos revealed a weakness in the Thanatos ransomware code, making it possible for victims to unlock encrypted files without paying a ransom. ThanatosDecryptor is a free ransomware decryption tool available on GitHub.

Despite these available technologies, companies that have decryptors in place prior to an attack will likely face an uphill battle afterward; forensics and data recovery companies can provide additional assistance to those who need it. Even so, the threats are evolving, which is why antivirus and anti-data encryptor solutions are so important.

“The ransomware problem is truly a problem where prevention is far more effective than a treat-the-symptoms approach,” Carrier says.

In other words, companies shouldn’t get into the habit of waiting for researchers to reverse-engineer decryptor tools for every ransomware strain. The key to recovering from ransomware, without paying the ransom, is having a solid data backup strategy. “Backup systems should be isolated in ways that prevent attackers from encrypting data within this system,” Scott explains.

“A good rule of thumb is configuring backup accounts to be able to access production systems for reading data to back up, while preventing production accounts from having write access of any type to the backup. We have seen cases where the Domain Admin is compromised and is able to encrypt the backups, resulting in difficult and expensive recovery processes.”

Be Prepared — Get Everyone Involved

Many ransomware attacks occur through spear phishing, which brings us back to the people problem. “Companies need to continue to focus on end user education,” Scott says. “In addition to preparing users, companies should be focusing on reducing the attack surface, gaining more visibility into activity and securing the backup systems.”

IBM conducts cyber resiliency workshops to focus on these types of attacks as well as more targeted attackers. “Ransomware attacks are a highly coordinated ‘business,’ which is so developed that what was once acceptable security — like AV/AM/firewall — won’t be enough in today’s threat landscape. You need to do what is expected and then more,” says Carrier.

Listen to the podcast: What’s the Best Defense Against Cyberattacks? You Are

More from Data Protection

The compelling need for cloud-native data protection

4 min read - Cloud environments were frequent targets for cyber attackers in 2023. Eighty-two percent of breaches that involved data stored in the cloud were in public, private or multi-cloud environments. Attackers gained the most access to multi-cloud environments, with 39% of breaches spanning multi-cloud environments because of the more complicated security issues. The cost of these cloud breaches totaled $4.75 million, higher than the average cost of $4.45 million for all data breaches.The reason for this high cost is not only the…

Data residency: What is it and why it is important?

3 min read - Data residency is a hot topic, especially for cloud data. The reason is multi-faceted, but the focus has been driven by the General Data Protection Regulation (GDPR), which governs information privacy in the European Union and the European Economic Area.The GDPR defines the requirement that users’ personal data and privacy be adequately protected by organizations that gather, process and store that data. After the GDPR rolled out, other countries such as Australia, Brazil, Canada, Japan, South Africa and the UAE…

Third-party breaches hit 90% of top global energy companies

3 min read - A new report from SecurityScorecard reveals a startling trend among the world’s top energy companies, with 90% suffering from data breaches through third parties over the last year. This statistic is particularly concerning given the crucial function these companies serve in everyday life.Their increased dependence on digital systems facilitates the increase in attacks on infrastructure networks. This sheds light on the need for these energy companies to adopt a proactive approach to securing their networks and customer information.2023 industry recap:…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today