Are You Prepared for Ransomware IRL?
Most ransomware prevention advice focuses on antivirus software and other defenses, such as having good detection and response (DR) mechanisms. All of these are important. But with the advanced level of ransomware today, you also need to take measures that test your defenses and DR strategies to ensure the measures you have in place will hold up to a real-life advanced attack.
Working in Theory vs. in Real Life (IRL)
A restaurant wouldn’t serve a recipe without testing it. Automobile manufacturers wouldn’t sell a car without crash testing it. And companies responsible for safeguarding sensitive and legally protected personal information (or intellectual property, proprietary data or business-critical assets) shouldn’t stake their reputation on security defenses that they haven’t tested either.
The bottom line is, you don’t know what you don’t know. Testing your defenses with simulated attacks and targeted exploits increases the likelihood that you’ll uncover weak spots you didn’t know you had.
Find those issues before attackers find them for you. Cover your bases. Protect your reputation, position, and compliance standing – not to mention all that sensitive information – and make it a habit to test every new security strategy you implement.
An offensive security program (vulnerability management, penetration testing, red teaming) should be engaged on a regular basis. Vulnerability management solutions are typically automated, giving organizations ongoing visibility, but they should always be paired with regularly scheduled pen testing and red team engagements. Every quarter is optimal, every half year is acceptable, every year is mandatory – and maybe a little too late, given the rapid evolution of ransomware today.
Ransomware Isn’t Slowing Down
Ransomware is an ever-evolving craft and one that threat actors are not getting tired of anytime soon. Now, thanks to advancements in artificial intelligence, a whole new world of creative ransomware endeavors has opened, and organizations need new tools, systems, and commitment to deal with them. Examples include:
- Generative AI-based attacks | The UK’s National Cyber Security Centre (NCSC) published a paper in January linking AI to higher ransomware rates. The report states that “AI lowers the barrier for novice cyber criminals, hackers-for-hire and hacktivists to carry out effective access and information gathering operations. This enhanced access will likely contribute to the global ransomware threat over the next two years.”
- Evolving phishing techniques | 81% of security professionals billed phishing as the top threat in 2024, according to the 2024 Fortra State of Cybersecurity Survey. According to a 2022 study, of the 26% that experienced an increase in malicious emails, 88% were victimized by ransomware.
- Social engineering deep fakes | Using deep fakes in social engineering attacks is a tactic that could yield potentially disastrous results, especially given the effectiveness of generative AI. Imagine getting a fake video recording of a call with your boss, who asks that everyone watching navigate to a certain site to see the new Q2 sales figure – only when you click the link, your machine gets infected with malware instead. That’s the power of deep fakes to spread ransomware.
Plus, crucial industries like healthcare, energy, and the public sector at large are also increasingly at risk.
- Healthcare | A 2024 study revealed that 20% of healthcare companies’ data holdings are impacted in a ransomware attack.
- Critical infrastructure | In 2023, 67% of critical infrastructure organizations across oil, energy, and utilities suffered a ransomware attack.
- Government | On average, government and education pay significantly higher ransom sums compared to other sectors, with some paying upwards of $6 million.
Ransomware attacks are increasing in size and scope, as well as in their potential to damage critical areas, especially in sectors where digitization is still comparatively new or disjointed (healthcare, education, local municipalities, and small utilities). These sectors are tantalizing targets for attackers who know that their defenses are often not fully matured, and so battle-testing them becomes more important than ever.
Be Battle Ready
Thankfully, testing your network’s security defenses doesn’t need to be hard, no matter your skill level. Fortra has managed options and advanced technologies that empower your team to execute vulnerability scanning, penetration testing, and red teaming.
We know that we’re in the midst of an ongoing cyber talent crisis (and probably will be for a while), so we’ve adapted our solutions to meet SOCs where they are.
Vulnerability Management | Don’t have time to figure out which vulnerabilities to address first? Fortra’s vulnerability management solutions not only uncover weak spots but let you know which ones are the highest risk to your assets so you can prioritize limited remediation resources appropriately.
Penetration Testing | Don’t have the resources to perform lengthy penetration tests? Core Impact provides you with training resources and technology that help simplify the process so your existing staff can easily upskill and perform these tests for you.
Red Team Engagements | Does your red team need tools that are flexible and powerful? Fortra’s Cobalt Strike provides malleable C2 for your team to create the specific engagements they need while Outflank provides you with additional advanced exploits, some “too powerful for public release,” to put your detection and response through its paces.
Preparing for a ransomware attack is a two-part process. Yes, you need quality antivirus solutions and network detection and response tools in place. But you also have to make sure they all come together and work under pressure, that your team runs the right fire drills, and that your whole security strategy – solutions and SOC – is always prepared, because you never know when and how ransomware could strike.