Ransomware attacks on enterprises of all sizes across virtually every industry sector are on the rise. As of 2021, at least one business became infected with ransomware every 11 seconds, all contributing to a global cost of $20 billion a year.
From Kroll’s perspective, we know that every organization can be a victim because a successful ransomware attack is within the reach of cybercriminals everywhere.
Some threat actors are meticulous planners, deftly mapping internal networks to identify core business functions and sensitive data storage, even going so far as to research a company’s financials to gauge how big a ransom they can afford to pay. At the other end of the spectrum, creators of “ransomware-as-a-service,” who simply demand a percentage of the ultimate ransom, have opened doors for an entirely different class of cybercriminals who can now launch attacks with minimal risks against a wider range of targets.
While it is nearly impossible to prevent all ransomware attacks, security and risk management professionals can take proactive steps to neutralize or mitigate their harm. Basic cyber hygiene remains critical. First, businesses must take the time to accurately document the entire configuration of their network on a regular basis.
When a local government was victimized by ransomware, it impacted the municipality’s police and fire dispatch systems, online utility payment system, centralized accounting system and many other critical segments on its network. Unfortunately, the IT director was unaware of how many servers were on the network. This lack of awareness delayed the initial remediation, especially when combined with limited viable backups for restoration.
– Matthew Dunn, Associate Managing Director, Cyber Risk.
Second, data mapping inventories are more important than ever. In recent years, many ransomware actors have started threatening to release stolen data to increase the pressure on victims to pay the ransoms. Almost overnight, ransomware attacks morphed from mainly expensive operational disruptions to crises fraught with data privacy and breach notification regulations. For companies looking to minimize risk, it is imperative to know what kind of data they have in their possession and everywhere it is collected, used and stored.
In our experience, there are seven fundamental security steps companies can take to immediately add layers of protection from ransomware:
Kroll’s ransomware preparedness assessment can help companies identify where their defenses are strong and any vulnerabilities that may be exploited by ransomware actors. Our methodology focuses on the cyber kill chain, a comprehensive examination that includes remote access configuration, phishing prevention, email and web protections, access controls and endpoint monitoring and end user awareness.
As part of our assessment, we will provide a prioritized, customized set of recommendations to help the organization deflect, detect or respond more effectively to a ransomware attack.
Kroll cyber experts will first focus on controls, processes and technology solutions to lower the risk of ransomware-based attacks. During this step, we will:
Kroll will also interview technical team members to assess any secondary defensive measures that might be in place to protect against email-based attacks. This review will include:
In our experience, ransomware protection starts with the adoption of fundamental security practices bolstered by some more advanced strategies informed by data we collect on the frontline. With Kroll’s help, a company can build smarter defenses, close gaps, address vulnerabilities, better safeguard sensitive data and more quickly respond to and recover from an attack. Call Kroll today for a customized ransomware protection assessment.