There seems to be a new ransomware story every day: a new attack, a new technique, criminals withholding the keys after the ransom is paid, private data published by the attackers. It never ends.
Just last month, the FBI, the Department of Health and Human Services (HHS), and the Cybersecurity and Infrastructure Security Agency (CISA) issued a report warning of an imminent threat of ransomware attacks on US hospitals and health care providers.
The list of ransomware variants is long and growing, including Maze, Ragnar Locker, Netlocker, WastedLocker, FTCode, Tycoon, TrickBot, REvil, and many more.
Ransomware uses a variety of techniques to infect systems and ultimately steal and/or encrypt a company's files. Many of these techniques are known, but new, previously unseen techniques can appear at any moment.
SMEs Are Particularly Vulnerable
A recent whitepaper on new ways an XDR platform protects against ransomware [download here] notes that small to medium-sized enterprises (SMEs) are particularly vulnerable to ransomware attacks. SMEs generally have fewer protection mechanisms in place and less skilled cybersecurity staff than larger enterprises.
The first line of defense against ransomware is preventing it from infecting any system at all. If ransomware does gain a foothold, it is critical to detect the infection immediately, kill all related ransomware processes, and isolate every infected machine to contain the spread. The best approach is therefore prevention first, followed by rapid detection, containment, and removal.
Live webinar: A layered, unified platform approach for ransomware protection
Cynet's new ransomware protection overview lays out how the company relies on multiple prevention, detection, and remediation layers to keep its clients from falling victim to ransomware.
The Cynet approach seems to respond to the current complexities of ransomware:
- First, with ransomware continuously changing attack techniques, it is increasingly difficult to detect.
- Second, because ransomware can quickly lock machines and files, it's important to kill all ransomware components and isolate infected devices immediately.
- Third, because one never knows how long ransomware has been present in the environment or how far the infection extends, it must be fully rooted out across the entire environment.
To register for a live demonstration of the Cynet XDR layered approach for ransomware protection, click here.
Cynet's multiple protection layers to prevent ransomware
Because Cynet is routinely called in to run a full incident response for companies that have fallen victim to ransomware, it has developed a remarkably robust set of ransomware protections.
Unfortunately, many companies only learn about the importance of having comprehensive ransomware protections in place after experiencing the devastation caused by being a ransomware victim.
Prevention and Detection
Cynet's solution starts with multiple prevention and detection techniques, including a conventional next-generation antivirus (NGAV), and adds:
- real-time memory protection to detect the behaviors of unknown ransomware variants;
- critical component filtering to prevent ransomware from harvesting credentials and spreading;
- real-time file filtering to prevent ransomware from altering existing files;
- deception technology to lure ransomware into accessing decoy hosts and files.
Investigation and Remediation
While most ransomware protection solution providers focus almost exclusively on prevention and detection, Cynet also places considerable emphasis on quickly and thoroughly responding to ransomware attacks post-detection.
Importantly, Cynet emphasizes that the prevention and detection of an attack instance are critical, but only the first step. Companies must assume that the malicious artifact identified is only the tip of an iceberg.
Example of Cynet's Remediation Playbook for Automatically Responding to Ransomware Alerts
Cynet automatically triggers an investigation after each endpoint, user, or network alert to determine its root cause and scope, and then applies the required remediation actions across the environment. Because Cynet is an XDR solution, it can apply a very broad range of remediation actions directly from its platform across endpoints, networks, users, and files.
Cynet also provides automated remediation playbooks, which are valuable for chaining multiple remediation actions together in response to ransomware threats.
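To make the two detection layers described above (real-time file filtering and decoy files) and the kill-isolate-hunt playbook concrete, here is an added example that is not Cynet's code: a small detector run over constructed file-system events, with rule thresholds, decoy paths, and action names all hypothetical.

```python
from collections import defaultdict

# Decoy files planted by the defender; any access is suspicious (constructed paths).
DECOY_PATHS = {r"C:\Finance\passwords_backup.xlsx", r"C:\Users\Public\decoy.docx"}

# One process touching this many distinct files inside the window looks like encryption.
MASS_MODIFY_COUNT = 5
WINDOW_SECONDS = 2.0

# Constructed file-system events: (timestamp_s, host, pid, op, path).
EVENTS = [
    (0.0, "ws01", 1200, "write", r"C:\Users\a\report.docx"),   # a user editing one file
    (3.0, "ws01", 1200, "write", r"C:\Users\a\report.docx"),
    (10.0, "ws01", 4321, "rename", r"C:\Users\a\q1.xlsx"),     # one pid rewriting many files
    (10.1, "ws01", 4321, "rename", r"C:\Users\a\q2.xlsx"),
    (10.2, "ws01", 4321, "rename", r"C:\Users\a\q3.xlsx"),
    (10.3, "ws01", 4321, "rename", r"C:\Users\a\budget.pptx"),
    (10.4, "ws01", 4321, "rename", r"C:\Users\a\notes.txt"),
    (10.5, "ws01", 4321, "write", r"C:\Finance\passwords_backup.xlsx"),  # decoy touched
]

def detect(events):
    """Return alerts for decoy access and for bursts of file modification by one process."""
    alerts = []
    recent = defaultdict(list)  # (host, pid) -> [(ts, path)] inside the sliding window
    for ts, host, pid, op, path in events:
        if path in DECOY_PATHS:
            alerts.append({"rule": "decoy_access", "host": host, "pid": pid, "path": path})
            continue
        if op not in ("write", "rename", "delete"):
            continue
        window = recent[(host, pid)]
        window.append((ts, path))
        while window and ts - window[0][0] > WINDOW_SECONDS:  # expire old entries
            window.pop(0)
        touched = {p for _, p in window}
        if len(touched) >= MASS_MODIFY_COUNT:
            alerts.append({"rule": "mass_file_modification", "host": host,
                           "pid": pid, "files": len(touched)})
            window.clear()  # one alert per burst
    return alerts

def playbook(alert):
    """Ordered response for a ransomware alert: kill the process, isolate the host,
    then hunt across the environment, since the first artefact is rarely the whole infection."""
    return [("kill_process_tree", alert["host"], alert["pid"]),
            ("isolate_host", alert["host"]),
            ("hunt_environment", alert["rule"])]
```

Running `detect(EVENTS)` yields two alerts (the rename burst by pid 4321, then the decoy access), and `playbook` turns each into the kill, isolate, hunt sequence.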
Speaking with several representatives from companies that have had to dig themselves out of a widespread ransomware infection makes one thing clear: you do not want to be in that situation. Every one of them wished they had had better protections in place so they could have avoided the excruciating experience.
Having a broad arsenal of prevention, detection, and response tools is critical to keeping your company from becoming the next ransomware victim.