What it is and what to do about it
Cybercriminals use malicious software, often delivered as an email attachment or link, to infect the network and lock email, data, and other critical files until a ransom is paid. These evolving and sophisticated attacks are damaging and costly. They can cripple day-to-day operations, cause chaos, and result in financial losses from downtime, ransom payments, recovery costs, and other unbudgeted and unanticipated expenses.
Recently, criminals have refined their tactics to create a double extortion scheme. They base their ransom demands on research they perform ahead of the attack. They steal sensitive data from their victims and demand payment in exchange for a promise not to publish the data or sell it to other criminals. Since criminals cannot be trusted, victims who pay are often contacted several months later and asked for another payment to keep the stolen data secret. Some ransomware criminals will accept payment but sell the data anyway.
How to protect against ransomware:
- Do everything you can to prevent credential loss. Implement anti-phishing capabilities in email and other collaboration tools, and consistently train your users for email security awareness.
- Secure your applications and access. Besides using MFA, you should also implement web application security for all your SaaS applications and infrastructure access points. Application vulnerabilities are often hidden in the application code or underlying application infrastructure; therefore, you must protect your applications from the OWASP Top 10 threats. If you have API interactions in your application, you should also make sure you are covered for the OWASP API Security Top 10. Along with application protection, try to reduce the amount of access you provide to your users wherever you can, narrowing it down to the least access they need to be productive. It’s best to implement Zero Trust Access based on endpoint security postures.
- Back up your data. Stay current with a secure data protection solution that can identify your critical data assets and implement disaster and recovery capabilities. That way you can be confident about saying no to ransomware criminals.