Ransomware has been running rampant this year, forcing organizations of all sizes to deal with response and recovery after files have been encrypted and exfiltrated. Security journalist David Bisson summarizes six trends that all organizations should keep in mind for ransomware defense strategies:
- Backups are necessary to restore encrypted files and systems, but when ransomware strikes, assume data breach too.
- Ransomware gangs are not working alone. Multiple groups are joining together to form public auctions and cartels.
- Ransomware is often deployed in combination with other malware.
- Just like other types of phishing campaigns, ransomware spread by phishing uses topical events, including COVID-19 themes, for maximum effectiveness.
- Fortunately, it is not all doom-and-gloom. With many ransomware investigations getting federal attention, authorities are able to better track threat groups and make subsequent arrests.
- As if encryption and exfiltration are not enough, some researchers extrapolate that ransomware groups may resort to another form of extortion: deepfake ransomware, an evolution of the sextortion scheme.
Read more at Security Intelligence
WaterISAC continues reminding members to plan for the worst and hope for the best. When it comes to ransomware, regularly:
- Review and discuss ransomware and data breach playbooks/policies/procedures, and keep them up-to-date.
- Evaluate cyber insurance policies to confirm proper coverage.
- Send out security awareness reminders to all staff on how phishing is a very common initial infection vector for ransomware, and how malicious actors send phishing emails well in advance of the ransomware actually executing/encrypting.
- Remind staff not to open attachments or click on links contained in emails, even if the email looks like it is from a trustworthy source. And if they already have received and/or actioned a suspicious email, encourage them to report the event now.
- Check device and network logs and events for potential intrusions, and consider configuring alerts for changes to files.
- Test your backups before you need them and make sure you have a valid tested copy stored offline.
- Report ransomware incidents to authorities (and WaterISAC).