Cybersecurity Tactics to Prevent Ransomware
Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system’s screen or by locking the users’ files unless a ransom is paid. More modern ransomware families, collectively categorized as crypto-ransomware, encrypt certain file types on infected systems and forces users to pay the ransom through certain online payment methods to get a decrypt key.
When ransomware created a niche for itself in the cyberthreat landscape, it was categorized as scareware, similar to FAKEAVs that used fake scan results to frighten victims into paying for bogus antivirus software. Slowly, more successful ransomware families progressed into something more threatening as they began to encrypt files. But even these tactics lost their edge over time. Organizations adapted. People realized that simple security measures like regular backup practices can significantly reduce a ransomware attack’s damage. In addition, ransomware actors had a “shotgun” approach (indiscriminately distributing their malware) that allowed antivirus providers to develop solutions to defend against them. In a sense, ransomware notoriety diminished from a hazard to a nuisance. Unfortunately, this was only temporary.
2020 seemed conducive to the development of new ransomware to a narrowing range of targets. Overall, there was an increase of new ransomware families, from 95 in 2019 to 127 in 2020, despite the decreased detection of ransomware-related components.
Cybersecurity Recommendations Against Ransomware
Like with any cyberthreat, prevention is still key. Organizations should be knowledgeable of the current techniques and components being used by ransomware operators. Taking note of the four stages of a ransomware attack can help in identifying signs of intrusion such as phishing emails and possible openings like unpatched vulnerabilities.
Suggested cybersecurity recommendations include:
- Regularly back up files. Despite current developments, backups still provide a significant safeguard against ransomware encryption and other cyberthreats.
- Limit access to shared/network drives and turn off file sharing. This minimizes the chances of spreading a ransomware infection to other devices.
Employ secure authentication strategies. Enable options such as multi-factor authentication to deny threat actors access to accounts. More about this topic with our cyber-readiness guide.
This article was written by Magno Logan, Erika Mendoza, Ryan Maglaque, and Nikko Tamaña