Ransomware, like other modern technologies, continues to evolve and grow in sophistication, increasing your company’s risk of a debilitating breach. Ransomware attacks are now a top concern for CISOs and boardrooms alike, costing US businesses over $50 million in 2021.(1)
Between February 2019 and March 2020, the volume of ransomware attacks increased by 148%. In the first half of 2021 alone, ransomware attacks rose an additional 93%.(2) Fueled by a growing ecosystem that includes ransomware-as-a-service, network access brokers, and dark web leak sites that sell victims’ data, ransomware is a new concern for every security team, risk manager, and board member. The risk of extortion has unfortunately become as common as the risk from the competition.
Since over 90% of cyberattacks begin with a spear-phishing email(2), it makes sense that organizations begin by protecting user inboxes in their effort to prevent ransomware attacks. But is monitoring email or limiting download file types enough? How must SecOps teams look beyond email intrusions to neutralize ransomware infections? The fastest, most capable way of achieving that comes from managed detection and response services.
How Do Email Attacks Happen?
For most companies experiencing rapid digital transformation or adaptation due to remote work and the skills shortage, phishing has become a common challenge. But how do these email attacks happen?
“There are many ransomware actors and many types of ransomware attacks, ranging from highly skilled attackers focused on individual targets, to lower-skilled operators who use a general ‘spray and pray’ approach.” — Sophos State of Ransomware, 2022
Attackers use multiple methods and techniques to launch an email attack campaign. Thousands of messages are sent, but it only takes one respondent to grant an attacker access or initiate a ransomware sequence. Phishing emails often manipulate victims by creating a sense of urgency in the message, clouding their judgment. The sense of urgency mixed with the same phrases, logos, and email signatures used internally can cause a reader to easily fall victim to a phishing attack.
What Does Ransomware Cost the Business?
On average, victims of ransomware report a recovery time of one month, a long time for an organization to halt operations. The true cost of a ransomware attack must include loss of revenue, damage to brand reputation, the cost of ensuring infected systems are sanitized, and the cost of hardening future defenses.
According to a 2022 ransomware survey by Sophos, the number of victims paying ransoms of $1 million or more has increased dramatically. This is almost a threefold increase over the previous year, from 4% in 2020 to 11% in 2021 (The State of Ransomware 2022). In parallel, “the percentage paying less than US$10,000 dropped from one in three (34%) in 2020 to one in five (21%).”
“Overall, the average ransom payment came in at US$812,360, a 4.8X increase from the 2020 average of US$170K” — Sophos State of Ransomware, 2022
How Do Teams Minimize Threats?
There are three key strategies to minimize ransomware threats through email: prevention, detection, and response. Within each strategy, there are key actions to assist every step of the way.
Even though security teams are acutely aware of ransomware, attacks still take many companies by surprise. Often, organizations fall victim to these attacks because they lack basic preventative security hygiene measures or fail to develop disaster recovery plans. Preventative security involves protecting the integrity of an organization’s data, the enterprise, the cloud, and assets through Data Governance & Backups, Training & Assessments, Email Security & Other Security Technologies, Vulnerability Management, and Identity and Access Management Methods.
Businesses should work with an MDR provider that can assist in ransomware prevention by offering rapid, coordinated, and automated services to stop attacks from achieving their final objective or to minimize the overall impact an attack has on an organization.
Threat detection requires understanding and analysis of threats that target business systems, networks, and devices. Detection technologies help to prevent the delivery of a ransomware payload by looking for both known and unknown threats. Companies can benefit by implementing Endpoint Detection and Response (EDR), Threat Hunting, Security Information and Event Management (SIEM), Machine Learning (ML), and Artificial Intelligence (AI).
A comprehensive ransomware readiness approach also includes response and remediation strategies to minimize an attack’s impact and gather critical forensic evidence. As part of response efforts, organizations should implement Incident Response, Attack Planning and Tabletop Exercises, Response Technologies and Services, and Remediation. MDR providers can often assist with these implementations, participating in exercises and helping organizations.
Importance of Managed Detection and Response
Managed Detection and Response helps organizations improve visibility across security operations programs. MDR providers can correlate and detect attacks across millions of transactions. Today more than ever, businesses need speed, agility, and adaptability to keep up with increasing threats and changes in the threat landscape. An effective security operations program requires 24/7/365 monitoring using an analytics-driven SIEM.
MDR providers can augment the in-house team with security experts and expertise to help staff and retain security operations center (SOC) resources, improve ROI by maximizing the value of your existing tools, and optimize security investments while gaining network effects from a wider customer base and threat research.
These additional security measures can accelerate a company’s overall security maturity, significantly reducing the threat of ransomware attacks and other phishing-based attacks.
Faced with ransomware attacks that are growing in volume and sophistication, a growing number of SecOps teams choose MDR services to quickly and thoroughly defend their organizations from ransomware. Organizations must start with advanced email protection efforts, then add detection and response capabilities.
Not all security teams have the technology or staff in place to detect and respond to ransomware threats in real time or around the clock. Many security organizations that utilize detection technologies such as SIEM and SOAR solutions lack the staff or expertise to fine-tune new tools or act on the data they provide. By choosing an MDR partner like Deepwatch, companies can implement advanced email security, detect and respond to ransomware threats faster, and improve their security posture to mitigate future risks.
- FBI IC3 2021
“According to the FBI, a cybercrime was reported every 37 seconds in 2021, with ransomware losses from reported incidents reaching $50 million in the US.”