Strengthening Ransomware Resilience
Preparation is the best defense
Chances are that your business will be hit by ransomware attacks at some point, its time to get 'digitally vaccinated' to minimise the potential harm
Ransomware attacks are not going away anytime soon, hence every organization needs to enhance its digital immunity.
Perpetrators have every incentive to increase their activities and continue to innovate their forms of attack. Ransomware attacks can occur remotely as a result of downloading malware, or can occur when an attacker gains access inside an organizations network.
Despite the innovations in form, the basic ransom tactics remain simple and crude – get inside the targets’ defenses, grab a hold of something sensitive and apply pressure until target pays.
Ransomware attacks might not be going away but astute organizations can take steps to transform this risk from a potentially devastating crises to an on-going but low-level annoyance.
Achieving strong ransomware resilience means building capabilities to:
a) minimizing risk of initial attack, through perimeter defences such as staff training in digital hygiene, email scanning products, firewalls, antivirus/anti-malware software and penetration testing, and
b) mitigate the impact of attack, by boosting your digital immune response to defeat the attack and minimize the opportunity for material harm
Ransomware attackers, once they have secured a foothold, typically seek to apply coercive commercial in one of three ways:
- Encrypt + Deny – encrypt the targets data, or temporarily disable some or all systems. Pay to have them released.
- Covertly Corrupt – change data in ways that are potentially damaging to the business in a manner that is hard to detect. Pay to have the changes highlighted or reverted
- Steal + Release – steal sensitive data and threaten release. Pay or find yourself on the front-page of tomorrows news
Boosting your digital immune response
Because no line of defense is ever perfect it is also essential to create a strong second line of defense which by analogy forms the organizations’ digital immune response which can be broadly categorized as three supporting capabilities:
- Purge – detect and eliminate malware and persistent hackers
- Protect – limit the damage any attacker can inflict within tolerable range
- Restore – reliably return systems and data to a known state
As a specialist in enterprise encryption, Randtronics’ particular contribution to enhancing your Ransomware resilience is protect your data and minimize the opportunity for an attacker to exert coercive pressure during a ransomware attack.
Randtronics DPM via the DPM easyCipher provides the means to:
a) encrypt sensitive data in files, databases and folders
b) tightly control who has the ability to access data in the clear, limiting access to explicitly authorized application and users, and restricting access to all others including privileged users
Step 1: Install DPM easyCipher agents on servers, laptops or Kubernetes containers holding sensitive data: files, databases or folders
Step 2: Define policies that limits access to decrypt data to explicitly authorised users and programs
Result: Air-gap separation between your sensitive data and all but those users and programs granted explicit access
Latest news and articles
This week the news broke that Mandiant (an incident response firm) attributed the recent cyberattack campaign targeting customers utilizing Barracuda’s Email Security Gateway to hackers