The scale of the ransomware menace is mind-boggling – various reports estimate a cost of $20 billion for 2020 alone, a 57X increase over 2015 – and it is becoming even more sophisticated through artificial intelligence and other techniques.
The costs continue to rise. Just recently, JBS, the world’s largest meat supplier, suffered a ransomware attack. The resulting disruption to operations is expected to significantly impact consumer prices for beef and pork in the U.S., Canada and Australia.
Beyond the direct financial costs, though, lie other, even more damaging impacts. Loss of brand reputation, angry customers, lost sales opportunities and productivity, fines and penalties for unmet obligations and other ‘soft’ costs, in addition to the costs of remediation and recovery, quickly add up.
As many sources have reported, 2020 had the most cyberattacks of any year on record. This was largely because so many people started working from home. The shift was so sudden that companies were left desperately searching for ways to mitigate attacks while accommodating remote workers in the COVID-19 era.
Ransomware was no exception to this shift. With growing sophistication and effectiveness, ransomware is entering a booming age. Given that, it’s not hard to predict what is going to happen – unless we all get a lot smarter, and quickly, the ransomware problem is going to get worse as we move through 2021.
However, this does not mean that there is no hope for those responsible for defending the network. Beyond maintaining offline or cloud-based backups, defenders can draw on many endpoint and network protection solutions that help prevent and defend against ransomware.
Protection at the Endpoint
Endpoint protection platforms offer next-generation antivirus, IPS and other tools to detect and remove malware like ransomware. In other words, they form one of the many necessary layers of security at the enterprise digital perimeter. Further, endpoint protection platforms also include tools such as email security, which blocks phishing emails that often carry ransomware payload links.
Endpoint detection and response (EDR) can extend protection capability. It scans endpoints and applications for signs of infection, then sends an alert to the security team. These alerts accelerate investigation times, and EDR can often freeze suspicious processes or programs until an investigation commences. With the right tools, ransomware can be caught and removed before it exfiltrates and/or encrypts data.
Defending the Network
Network detection and response (NDR) and network traffic analysis (NTA) solutions can form a strong first line of defense. These defenses monitor east-west traffic with advanced artificial intelligence and machine learning techniques to detect, analyze and respond to threats that might otherwise be hidden from admins. For example, abnormal traffic analysis has the potential to detect large amounts of data exfiltration (one possible indicator of a ransomware attack) and alert the security team to respond.
NDR can also detect connections to known ransomware control sites through botnet C&C prevention. Some (but not all) ransomware operations use a command-and-control (or C&C) structure to conceal the attacker’s location and identity. A variety of techniques are used to detect, block and/or divert C&C communications, effectively ‘cutting off the head’ of the botnet and rendering it inoperable.
In addition, the secure access service edge, or SASE, can address today’s most common security challenges arising from more applications living outside the data center, sensitive data stored across multiple cloud services, and users connecting from anywhere and on any device. SASE combines SD-WAN and VPN services, as well as cloud-based and other security services, to provide broad protection.
Content curated by the team of COMPUTER 2000 on the basis of marketing materials provided by our partners.