In the Face of a Ransomware Attack, Can Your Defenses Prevail?

As the fastest-growing malware threat, ransomware attacks are trending high in the news, targeting organizations and users of all types. In June, two hospital systems began notifying patients and employees of cyber incidents, one a ransomware attack and one a data breach. The state of Texas is the latest to be hit with such an attack, with a payout demand of well over 2.5 million (USD). According to one security analyst, the offense is considered the largest widespread coordinated attack ever seen.

Highly skilled malware developers are taking ransom attacks to a new level. For example, the LockerGoga and MegaCortex ransomware families pair unique methods of iterating through victim files with destructive disk-wiper functions. Organizations facing this type of event not only have to recover lost data but must also restore the entire OS and rebuild their system structure.

Cyber ransom attacks are a top priority for law enforcement and enterprises around the world. Every type of organization is at risk, especially high profile, multinational enterprises and government agencies.

What Are You to Do?

When faced with a ransomware attack, you have two choices: pay the ransom or not. Many organizations are quick to take the stance of, “Just make this go away, pay the hackers and get my data back.” But paying up does not mean that everything is instantly copacetic. Much work remains to ensure a defense that prevents attackers from continuing to prey on you. Paying up leaves you looking like an easy mark for recurring attacks. Also, there is a chance that the decryption key could include code that would set the stage for future intrusions. Moreover, you can’t trust that perpetrators will keep their part of the arrangement and set your data free once you’ve paid the ransom.

The other option is to grab the bull by the horns and say, ‘I’ve got this.’ Shut down the entire network, rebuild the system, and restore files from your backups. Initiatives like NO MORE RANSOM help victims recover data without paying attackers by providing decryption tools that allow victims to unlock files. However, this approach is not cut and dried. It can consume a great deal of staff time, and a full recovery can take weeks or months.

Recovery Is an Arduous Task

No matter the decision you make, there is painstaking work to be done following a ransom attack. Day-to-day business must continue, but often without the automation and digital tools that simplify tasks and operational processes. When the San Francisco-based KQED newsroom faced a ransom attack, it had to abandon original production plans and run previously aired exclusive shows until things were back to normal. Moreover, during the attack on Maersk, people combed through hundreds of physical documents and open containers to figure out what they were shipping and where. In all cases, IT must begin recovery efforts that can span weeks, months or a year, and the more complex the IT infrastructure, the more costly, complicated, and time-consuming the recovery effort.

Common recovery efforts

  • Take down the network to stop the infection.
  • Eradicate the malware by collecting and wiping clean every system and computer that was infected.
  • Create a temporary system to support business until recovery is complete.
  • Work with in-house or external experts to identify security holes and rebuild a more secure infrastructure.
  • Call in support for matters that are labor intensive.

Avoid Attacks with Improved Defenses

Future-proofing information systems and the application infrastructure against ransom attacks is now essential whether or not you have suffered such an attack.

Industrial control and IT infrastructure providers, like Schneider Electric, Aveva, and GHD, have partnered with security industry leaders. Their goal is to define a capable zero-trust infrastructure for high-value information systems, one that stops attacker efforts as soon as the network, servers, and systems are compromised. Researchers at these companies found existing security solutions profoundly lacking in the capabilities needed to defend critical services against evolving ransomware properly and in real time.

These solution providers establish partnerships with emerging security technology companies to better equip themselves and their customers with proactive defenses. At the top of the list, they need advanced application controls that are designed on the assumption that attackers will ultimately reach critical systems. Advanced solutions enable visibility into essentially every application function at runtime, with insight into workload components as systems are executing. Organizations gain confidence in real-time attack detection and responsive actions before attackers seize any files, a win in the battle against ever-changing means of malicious system seizures.

Next Steps

If you have not already, upgrade your security infrastructure to guardrail your applications and counter any thought of a ransom attack. Watch our demo of a multi-step ransomware attack in action using advanced hacking tools. See how the Virsec security platform can instantly spot this attack at every stage and stop it. If you are not already partnering with Virsec, it may be time to consider doing so, whether before there is a ransom demand or while you are recovering from one.

Further Resources:

LockerGoga Ransomware Slams Industrial Firms in Europe with Devastating Impact

After $40M LockerGoga CyberAttack, Norsk Hydro Kept its Good Reputation, Fights Back

Multi-Step Ransomware Attack Demo

White Paper: Runtime Application Visibility & Protection