Ransomware continues to be a significant threat to organizations of all sizes. While the Sophos State of Ransomware 2024 report shows ransomware attacks across the board are down from its 2023 report (which is thought to be because of law enforcement action), a report from Mandiant published yesterday indicates that despite global law enforcement coordination, the number of incidents continue to rise unabated. The report shows the third quarter of 2023 saw a peak in victims listed on ransomware groups’ data leak sites (DLS), with almost 1,400 listed victims. This is a 75% increase compared to 2022.  

As ransomware attacks continue along this trajectory, and as attackers are constantly changing their tactics, the likelihood of any organization experiencing a ransomware attack is higher than ever. This highlights the importance of proactive ransomware protections and strategies. SC Media shares a few such strategies members can utilize to help improve ransomware attack outcomes in the face of an attack. Some of these include:

• Better vulnerability management. With system vulnerabilities as the top successful attack vector, putting effort into a successful patch management and vulnerability management program will significantly decrease the chances of experiencing a ransomware event.
• Implement MFA. Multifactor authentication (MFA) is also an essential security measure that goes a long way in helping secure an organization, specifically against ransomware. It’s important to regularly ensure that MFA is enabled.
• Adopt zero trust principles. Adopting a zero-trust architecture will make it more challenging for attackers to gain entry, and if they do succeed in gaining initial access, they will find it much more difficult to move laterally within the environment. See NSAs recent Cybersecurity Information Sheet for more resources on utilizing zero-trust principles.
• Boost security awareness training. Since phishing emails are another major method for attackers to compromise systems, updating and regularly conducting security awareness training to identify phishing emails is also essential. See previous WaterISAC coverage for more resources on adapting phishing training methods.
• Protect backups. As it’s common for ransomware attackers to target backups for compromise, organizations need to maintain frequent offline backups and make sure they are well protected. Backups should be regularly tested and validated to ensure they are functioning properly.

While there’s no guaranteed way to avoid being a victim of a ransomware attack, focusing on resilience and prevention can often go a very long way toward safer and better outcomes. Focusing on these and other resilience strategies can be the difference between a serious security breach and one that was effectively mitigated. For more information, visit SC Media.