7 key areas to bolster your ransomware defenses 

The past year brought more than its share of challenges, and one of the biggest ones for many organizations was the fact that ransomware attacks became more common – and more costly.

Recent research from SonicWall showed that ransomware attacks increased 62% from 2019 to 2020.¹ And according to Sophos, the average cost of remediating a ransomware attack more than doubled during the past year, from $761,106 in 2020 to $1.85 million in 2021.²

These attacks grow more expensive as the individuals and organizations behind them realize that, in many cases, they can take more – and more valuable – data assets than they have taken in the past. As recently as a few years ago, a typical ransomware incident would involve locking an organization out of a handful of files and extorting a ransom of several thousand dollars. Today? Attackers might attempt to capture the entirety of a company’s production data and backups and extort a large ransom, threatening to make public not only the data but also the occurrence of the breach itself.

Additionally, hacking organizations are getting more sophisticated – and not just in terms of their methods. They’re becoming more operationally advanced, too. In fact, a few even offer “customer service” lines that victims can call in order to learn about paying off the ransom.³

Bolstering your ransomware defenses

Multiple layers of defense and multiple controls need to be bypassed for ransomware to succeed. To ward off these attacks – and to mitigate damage when attacks occur – organizations need to periodically review their various safeguards and make enhancements as threats evolve.

To bolster your ransomware defenses across the board, evaluate these key cybersecurity functions on a regular basis:

1. Email and web content filtering

• What kinds of messages and attachments can be delivered to employees via email right now? 
• Are we using the right tools and methods to identify suspicious content? 
• Do employees have the ability to reach potentially malicious websites?

2. Security awareness

• How well are employees trained on cybersecurity awareness?
• How capable are they when it comes to spotting suspicious messages?
• Do employees understand protocols for reporting suspicious activity, including ransomware?

3. Endpoint protection

• What antivirus and other detection-and-response defenses do we have on our systems?
• Are these protections and tools optimally layered?
• Can we quickly contain the damage at a particular endpoint?

4. Propagation

• Are we focused on limiting the avenues for privilege escalation?
• Do end users have excessive permissions on their systems and others?
• Are file shares properly restricted to users with business requirements?

5. Data backups

• Are data backups properly segregated from the corporate network?
• Are we backing up data frequently enough?
• Are backups actually working?
• Have backup procedures been tested?

6. Data exfiltration

• What channels can be used by hackers to move data around the network and to the internet?
• Can those channels be locked down permanently or quickly if needed?

7. Incident response

• Can we formulate an effective response in a timely manner?
• Do we have the right people and skill sets to address breaches?

¹ “2021 SonicWall Cyber Threat Report,” SonicWall, 2021, https://www.sonicwall.com/resources/white-papers/2021-sonicwall-cyber-threat-report/
² “Ransomware Recovery Cost Reaches Nearly $2 Million, More Than Doubling in a Year, Sophos Survey Shows,” Sophos news release, April 27, 2021, https://www.sophos.com/en-us/press-office/press-releases/2021/04/ransomware-recovery-cost-reaches-nearly-dollar-2-million-more-than-doubling-in-a-year.aspx
³ Brian Barrett, “Ransomware Has Gone Corporate – and Gotten More Cruel,” Wired, Aug. 26, 2020, https://www.wired.com/story/ransomware-gone-corporate-darkside-where-will-it-end/