An Anti-Ransomware Strategy
Leading practices to mitigate organizational impact, downtime, and reputational risk
As Ransomware continues to evolve, the threat actors' playbook has become more sophisticated: Ransomware code is bundled and delivered with other malware as part of targeted campaigns that surveil, evade detection, steal credentials, and exfiltrate data before encrypting files. Holding stolen data as well as encrypted files increases the leverage against victim organizations and the potential financial gain, a tactic commonly referred to as "DOUBLE EXTORTION".
Organizations are being targeted by human-operated Ransomware attacks [3] for "BIG GAME HUNTING" returns, with attackers taking advantage of vulnerabilities in systems, applications, and cloud configurations at strategic targets; nearly six in ten successful attacks (59%) include data in the public cloud [5]. Commodity malware [6], which has recently been tailored and deployed in COVID-19 themed phishing campaigns, is just one of many ways that threat actors land and expand in an organization's network, resulting in lateral movement, escalation of privileges, exploitation of vulnerabilities, and data exfiltration.
An organization's security posture at the time it suffers a Ransomware attack, and how it allocates resources to resolve vulnerabilities in line with its risk tolerance and its cyber security program goals and objectives, are critical to successfully preventing and responding to Ransomware attacks. Not all organizations will experience a Ransomware attack, but every organization must plan for the eventuality and be prepared to respond if an attack occurs. This white paper covers leading practices we have observed, including decreasing the attack surface, hardening the perimeter, segmenting or micro-segmenting networks, enforcing least-privilege or Zero Trust access policies and controls, effective and timely patch management of IT system vulnerabilities, and network analytics and digital behavior monitoring.