SecurityWeek

Shields Up: How to Minimize Ransomware Exposure

Organizations need to look beyond preventive measures when it comes to dealing with today’s ransomware threats and invest in ransomware response.

The ransomware attack on UnitedHealth subsidiary Change Healthcare has remained top of mind since its disclosure in February 2024. This incident highlights the attractiveness of data-rich healthcare firms to hackers and the increasing sophistication of cybercriminals. However, the Change Healthcare attack is merely the tip of the iceberg, with numerous ransomware attacks staying underreported in the media.

Ransomware has emerged as a highly profitable enterprise, evidenced by Change Healthcare’s payment of a $22 million ransom in bitcoin. In 2023 alone, payments made by ransomware attack victims doubled compared to the previous year, surpassing $1 billion, as reported by blockchain analysis firm Chainalysis.

A ransomware attack can swiftly cripple an organization, rendering it unable to access critical data and conduct business. Moreover, threat actors have evolved from merely infecting systems with ransomware to employing multi-faceted extortion tactics, which may include publicly naming and shaming victims, exfiltrating data, and threatening to disclose or sell it (e.g., Omni Hotels & Resorts, Nexperia, EquiLed).

While organizations may attempt to mitigate their exposure to such extortion schemes through cybersecurity insurance policies, this approach may no longer be as effective. Insurers like Lloyd's are increasingly imposing restrictions on payouts, including the exclusion of losses related to state-backed cyber attackers. Consequently, fewer companies can rely on cybersecurity insurance to mitigate catastrophic risks. Instead, businesses must bolster their ransomware preparedness, with cyber resilience playing a pivotal role in enhancing their ability to prepare for and swiftly recover from ransomware attacks.

Mitigating Ransomware Exposure

Unfortunately, organizations often prioritize prevention tools without adequately preparing for the worst-case scenario: falling victim to a ransomware attack. To mitigate the risk of such attacks, organizations should consider the following steps:

  • Strategic Readiness: This encompasses cyber risk assessment, tabletop exercises, security awareness training, and secure data backups, alongside penetration testing.
  • Prevention: Implementing security measures such as patch management, application whitelisting, spam filters, and least privilege, and deploying anti-malware and endpoint security software.
  • Incident Response: Investing in services and forensic tools to facilitate:
    • Investigation of the ransomware attack to determine its cause and secure evidence for litigation preparedness.
    • Remediation efforts to harden the environment, prevent further spread of the ransomware, and remove attacker access.
    • Eradication endeavors aimed at eliminating the attacker from the environment, including disabling accounts, resetting passwords, establishing multi-factor authentication, and ultimately eliminating the ransomware.
    • Recovery efforts focused on securely restoring business operations without risking reinfection of the infrastructure.

Ultimately, organizations need to look beyond preventive measures when it comes to dealing with today’s ransomware threats and invest in ransomware response, which improves their ability to prepare for and quickly recover from ransomware attacks.

Written By

Dr. Torsten George is an internationally recognized IT security expert, author, and speaker with nearly 30 years of experience in the global IT security community. He regularly provides commentary and publishes articles on data breaches, insider threats, compliance frameworks, and IT security best practices. He is also the co-author of the Zero Trust Privilege for Dummies book. Torsten has held executive level positions with Absolute Software, Centrify (now Delinea), RiskSense (acquired by Ivanti), RiskVision (acquired by Resolver, Inc.), ActivIdentity (acquired by HID® Global), Digital Link, and Everdream Corporation (acquired by Dell).
