5 steps to stop Ransomware as a Service in its tracks

By VimalRaj Sampathkumar, technical head for United Kingdom and Ireland, ManageEngine

The UK government’s annual Cyber Security Breaches Survey has revealed that 50% of businesses have faced a cyberattack or breach in the past 12 months. It’s a dangerous world out there, and one small slipup can be extremely costly. Organisations are doing their best to reinforce their digital walls, but it’s a constant arms race; for every security innovation, a new exploit is deployed.

Even as businesses invest in tools to bolster their frontline defences, attackers are seeking other, more creative ways to get in. A prevalent example is Ransomware as a Service (RaaS) operations. In these attacks, groups such as LockBit help paying customers deploy ransomware tools to extort businesses. This gun-for-hire delivery model massively expands the number of malicious actors who can use ransomware; in addition to being a way for cybercriminals to make a quick buck, ransomware can become a tool of revenge, competition, and corporate sabotage.

Ransomware is a particularly cruel form of attack; it’s direct, personal, and blunt. It forces the victim to respond rather than silently removing data or payment information. Though the damage caused may be much the same in the end, for IT teams and senior decision-makers, it’s a deeply stressful process. Do you negotiate with your attacker? Pay to get your data back, with no guarantee they’ll comply? Risk being marked as a soft target for other attackers?

Furthermore, the problem is getting worse. Ransomware attacks have become increasingly prevalent in recent years. In 2023, they increased 95% compared to 2022, striking organisations of any sector and size. There’s no typical victim; ransomware can target any organisation. That means all organisations need to take steps to reduce the risk of a successful ransomware attack.

Here are five key actions that all organisations should consider to protect themselves from RaaS:

1. Train your employees well

The first step to preventing ransomware attacks is to train your staff on cybersecurity best practices and conduct red team exercises, which are simulated attacks that give your employees the chance to learn the best practices by putting them into action. Additionally, you can ensure employees stay up to date on your organisation’s current cybersecurity policies by conducting security skill assessments on a regular basis. Since ransomware attacks are usually carried out through social engineering tactics (which trick people into clicking links, opening files, or sharing login credentials), employees must be educated on how to spot phishing emails or malicious websites so that they will be less likely to unwittingly grant hackers access to company systems.

2. Control user access intelligently

Another way to reduce the risk of ransomware attacks is to limit access and permissions to only what users need. Role-based access controls can significantly reduce the possibility of a data breach. Following a Zero Trust approach by using 2FA or MFA enhances endpoint security because ransomware actors can’t gain access without secondary authentication. Automated, data-driven ID management systems are becoming increasingly intelligent, allowing for access to be withheld on the basis of the user’s geographical location, their behavioural patterns, the time of day, and even physical data like their typing speed.

3. Back up your backups

Backing up all your important files frequently could act as a lifesaver if you suffer a ransomware attack. You won’t lose access to confidential information and can resume operations with minimal downtime. You may even avoid having to pay the ransom, although having a backup doesn’t stop attackers threatening to sell the personally identifiable information they’ve obtained. It’s best to make backups on external drives and cloud servers and to follow the 3-2-1 backup rule: Have three copies of your data on two different media with one saved off-site.
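The 3-2-1 rule can be checked mechanically against a backup inventory. The following Python audit is an added example, not part of the original article: the inventory fields, media labels and sample rows are constructed, the production copy is counted as one of the three, and the 7-day freshness window (copies older than that are ignored) is an assumption layered on top of the rule.

```python
from collections import defaultdict
from datetime import datetime, timedelta

NOW = datetime(2024, 6, 1)      # fixed "today" so the sample is reproducible
MAX_AGE = timedelta(days=7)     # assumption: older copies do not count

def _copy(dataset, media, offsite, taken):
    return {"dataset": dataset, "media": media, "offsite": offsite,
            "taken": datetime.fromisoformat(taken)}

# Constructed sample inventory: one row per stored copy (production included).
INVENTORY = [
    _copy("finance-db", "disk", False, "2024-05-31"),
    _copy("finance-db", "external-drive", False, "2024-05-30"),
    _copy("finance-db", "cloud", True, "2024-05-31"),
    # Three copies, one off-site, but every copy sits on the same media type.
    _copy("hr-share", "disk", False, "2024-05-31"),
    _copy("hr-share", "disk", False, "2024-05-31"),
    _copy("hr-share", "disk", True, "2024-05-30"),
    # Looks compliant on paper, but the only off-site copy is months old.
    _copy("design-files", "disk", False, "2024-05-31"),
    _copy("design-files", "external-drive", False, "2024-05-29"),
    _copy("design-files", "cloud", True, "2024-03-01"),
]

def check_321(inventory, now=NOW, max_age=MAX_AGE):
    """Return {dataset: [gaps]}; an empty list means the rule is met."""
    by_dataset = defaultdict(list)
    for c in inventory:
        by_dataset[c["dataset"]].append(c)
    report = {}
    for name, copies in by_dataset.items():
        fresh = [c for c in copies if now - c["taken"] <= max_age]
        gaps = []
        if len(fresh) < 3:
            gaps.append(f"{len(fresh)} fresh copies, need 3")
        if len({c["media"] for c in fresh}) < 2:
            gaps.append("fewer than 2 media types")
        if not any(c["offsite"] for c in fresh):
            gaps.append("no fresh off-site copy")
        report[name] = gaps
    return report

if __name__ == "__main__":
    for dataset, gaps in check_321(INVENTORY).items():
        print(dataset, "OK" if not gaps else "; ".join(gaps))
```

The `design-files` case is the one to watch for in practice: the copy count is right, yet a restore after an on-site compromise would fall back to data that is three months old.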

4. Update regularly and configure firewalls

Systems or software that aren’t periodically updated or patched are highly vulnerable to attacks, and hackers target them to penetrate networks and access sensitive data. Keeping your applications, systems, servers, and antivirus solution up to date and equipping yourself with an extended detection and response tool can help prevent attacks. You can go a step further in protecting your network by configuring firewalls that filter out and block suspicious activities in the first place. Also, you should consider investing in an endpoint protection platform because it’s often the best bet when it comes to defending against viruses and malware, including ransomware.

5. Segment your network

Once a system is infected, the ransomware spreads like wildfire into other connected systems. Segmenting your network into various subnetworks helps prevent the ransomware from entering the main network and gives IT security teams the needed time to take remedial action.

Ransomware is a highly dangerous attack type that puts organisations’ customers, reputations, finances, and even viability at risk. With the right defences in place, and with employees properly prepared to spot and evade social engineering attacks, businesses can maximise their chances of avoiding a successful attack and stopping ransomware in its tracks.

