The Rise of Enterprise Ransomware

Ransomware attackers are becoming increasingly sophisticated and professional in their approach. They’re targeting larger organizations, infecting hundreds of computers within them, and demanding higher ransoms. Furthermore, the costs incurred from the downtime of these attacks are skyrocketing, crippling organizations in the process.

But what has caused this shift in focus towards larger enterprises? Who and what are the main threats? And what security solutions should be in place to safeguard against these types of attacks?

Below we will examine the enterprise ransomware landscape, outline the key threats, and highlight the critical security technologies that every IT setup should include to combat the rise of enterprise ransomware.

Enterprise ransomware is ransomware is targeted at mid- and large-sized organizations. Public sector organizations, including local government and school districts, are frequent victims. However, private enterprises are also targeted. By attacking organizations with deeper pockets, cybercrooks are looking to increase their financial gains without increasing effort.

This shift towards larger prey has been coined as enterprise ransomware.

In terms of execution, you could say that ransomware attacks have come full circle. Early attacks were manual and targeted specific organizations. However, the evolution of technology and near omnipresence of the internet in society led attackers to automate attacks to maximize the probability of success.

Once you realize that an unexpected email message with a zipped file attachment more likely than not contains something bad, you can take steps to block all emails with zipped file attachments. If you know attackers are likely to use vulnerabilities in Microsoft Word or Excel to infect machines, you might disallow users from opening those types of documents if they’re downloaded from the internet or create rules that prevent users from enabling scripting technology like Office macros.

Most next-generation endpoint solutions and firewalls have incorporated these technologies and can now stop these attacks efficiently and effectively.

Attackers are additionally having logistical challenges managing high-volume attacks aimed at low value smaller businesses who struggle to access and pay with Bitcoin, the predominant cryptocurrency used in ransomware demands.

Attackers have therefore reverted to manual, coordinated, highly targeted and therefore unpredictable approaches which are far harder to detect and block. Attacks typically focus on a single organization with the aim of infecting as many internal systems as possible – ultimately bringing the victim to their knees.

This blended threat approach, coupled with access to now highly sophisticated technologies, is proving a deadly concoction for large corporations.

While it is the typically extortionate ransom fees that make the headlines, both the cost of the downtime inflicted by enterprise ransomware and the reputational damage to businesses are largely understated.

In May 2019, The City of Baltimore was held hostage by ransomware. The attackers demanded 13 Bitcoins – worth around $100,000. While this fee is staggering, the cost of downtime eclipses this and is estimated to have cost the city more than $18 million as the attack took down voicemail, email, a parking fines database, and a system used to pay water bills, property taxes and vehicle citations. Real estate transactions were also shut down.

Such downtime of course inflicts heavy reputational damage with corporate security strategies thrown into question and data integrity doubted. It is therefore of the utmost importance to remain ahead of the game and put in place steps to combat enterprise ransomware.

There are many methods of mitigation recommended for all types of ransomware, including patching early and often and enabling file extensions. Here are five best practices you can implement to mitigate against enterprise ransomware attacks specifically.

1. Lock down remote management

RDP is the most utilized deployment method for enterprise ransomware attacks. Locking down your organization’s RDP access and other management protocols is one of the most effective steps you can take to secure against targeted ransomware attacks.

There are numerous ways you can do this, such as require users be on a VPN before they can access RDP or restrict access to known IP addresses. Your organization’s firewall should be able to implement both methods.

2. Back up regularly and keep a recent backup copy offline and offsite

There are dozens of ways other than ransomware that files can suddenly vanish, such as fire, flood, theft, a dropped laptop, or even an accidental delete. Encrypt your backup and you won’t have to worry about the backup device falling into the wrong hands.

3. Monitor your network 24/7

Enterprise ransomware attackers are meticulous when it comes to attacking at the right time of day (or night). To minimize the attack window, it is essential to always monitor your network and put in place steps to detect and respond to threats as soon as they are discovered.

One way of achieving this is by implementing a Managed Threat Response (MTR) service. MTR fuses machine learning technology and expert analysis for improved threat hunting and detection, deeper investigation of alerts, and targeted actions to eliminate more sophisticated and complex threats (synonymous with enterprise ransomware attacks).  Another option to implement Security Information and Event Management (SIEM) which is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system.

4. Educate your workforce

Nearly every strain of enterprise ransomware attack includes a phishing element. Helping your employees to understand how to spot these bogus communications is critical in circumventing malicious access to your networks.

One way of doing this is by adding additional security awareness training and setting up regular simulated attacks and monitoring the performance against them. This will allow you to gauge your enterprise’s phishing attack readiness and ultimately the level of training required to prepare your employees.

5. Review the deployment and configuration of your IT cybersecurity implementation

Enterprises often have sufficient technology in place to safeguard against ransomware attacks, but it rarely deployed or configured in the most optimal way to do its job properly.

Proper deployment and configuration are key to reducing the surface area of attack and minimizing the risk and potential scope of propagation.

We’ve got you covered! Connect with our team to learn more about how our Security Solutions can help your business stay safe from cybersecurity threats like ransomware!