Imagine this: You’ve worked tirelessly over the past month to create a video tribute for your best friend’s wedding reception. You’ve added the right pictures, overlaid it with music to create nostalgic memories of your friendship, and edited it to perfection. The couple has ensured they have every detail taken care of, from selecting the perfect venue to choosing an outstanding menu. Your video tribute will be the “icing on the cake” and the last touch to finalize their perfect day.

Just when you are about to kick your feet up and toast the completion of the video, you save the video file and an odd message pops up: “The files on this laptop have been encrypted. Submit payment within 48 hours or your files will be destroyed!” That perfect day just took a downturn because you’ve been hit with ransomware.

Now imagine how easy it could have been to get infected with the same malware at work. Businesses can encounter similar scenarios — but they have way more at stake. Ransomware attacks can disrupt business operations, causing companies to experience hours or even days of downtime, and possibly cause the business to completely shut down.

So how can you help prevent a ransomware attack? Prevention is no easy feat, but some steps can be taken to reduce the risk of opportunistic attacks. In a recent Enterprise Strategy Group (ESG) study, “Incident Readiness Trends: Do Confidence Levels Match Preparation Efforts?,” 80 percent of cybersecurity decision-makers report that their organization has already engaged in ransomware incident readiness activities, making sure they have a plan in place in case an attack does occur.


However, if ransomware is already in your environment, there are a few remedies available. An attack of this sort on company networks can affect thousands of devices, be costly and certainly disrupt business. Review these recommendations to learn about steps your team can take to mitigate the risk of an attack. If you can implement these tips, you should have a better chance of shifting from detection of ransomware to readiness and response.

Build a Security-Aware Culture

Ransomware is one type of malware among many, and a widespread infection can start with a single human error. For example, an employee might fall prey to social engineering techniques that encourage them to open a malicious email. By training employees or users to identify suspicious emails, enterprises can significantly reduce the probability of ransomware infections.

Ensure You Have Backups

A consistent defense against ransomware includes having backups, and more than just one. Maintaining redundant backups, keeping them both offline and in the cloud, and testing them periodically can help with recovery plans if an attack ever affects the business.

Backup runs should occur frequently and have a tested restore process. Companies that back up their data can minimize the impact of ransomware attacks since only hours of data are lost instead of months or years. The backup should also be tested on a periodic basis to ensure it can restore all files and asset configurations in their uninfected state.

Embed Threat Intelligence

Monitoring your network can provide you with a second set of eyes within your security environment. However, monitoring technology and tools are only as good as the information feeding into them. Having the latest threat intelligence is vital if you want to get better at spotting a looming ransomware attack, stay up to date as ransomware evolves, and learn current tactics you can use to prevent this sort of infection from spreading.

There is no “magic strategy” or one-time solution to stop today’s threats. Although you might take every possible precaution to prevent ransomware from accessing your network, your defensive strategy may not be completely threat-proof. This is why it is vital for organizations and their security teams to be proactive and take steps to detect ransomware in time, contain it, manage the response and have a recovery plan in place. This overall strategy can help significantly reduce the potential impact of such attacks on your business.

Download ESG’s 2019 Incident Readiness Trends Report
