The ever-growing sophistication of ransomware.
Ransomware has become one of the most popular and devastating forms of cyberattack. Since ransomware gangs are some of the most sophisticated hacker groups and APTs in the world, newer ransomware strains are becoming increasingly capable of avoiding detection and encrypting databases at incredible speeds. Some of the fastest ransomware strains encrypt up to 100,000 files in as little as four minutes, leading to challenges in ransomware protection.
Even though most ransomware attacks reported on the news are targeted at large corporations and governments, small and medium-sized businesses make up a large percentage of ransomware victims. With more and more ransomware-as-a-service (RaaS) options available, even less capable hackers and cybercriminals now have access to ransomware as an exploitation tool.
To effectively mitigate the growing threat of ransomware, Penta Security recommends a multi-layered approach that minimizes risk across different dimensions.
To deploy ransomware on targeted IT systems, attackers first need to gain access to the corporate network. Hence, the best preventative measure against ransomware is to keep attackers away from the network. Given that a large number of network intrusions begin with social engineering and phishing attacks, protecting employee and admin accounts from unauthorized third-party access greatly reduces the risk of network intrusion and ransomware infection.
iSIGN+ is an appliance-type FIDO2-compliant identity and access management (IAM) solution that provides secure user authentication and access control for corporate accounts, supporting advanced authentication methods like mobile OTP and biometrics. Its robust authentication mechanisms defend against the most sophisticated social engineering and privilege escalation attacks. Moreover, going password-free prevents employees from falling into phishing traps. Lastly, iSIGN+ offers a single sign-on (SSO) option to allow easy credential management and seamless login.
Most ransomware attacks today are double-extortion attacks, in which the attacker steals a copy of the victim’s sensitive data before deploying ransomware. As a result, the victim faces two threats: 1) the threat of not being able to access its systems and 2) the threat of having its sensitive data published or sold to third parties. In fact, newer observations show that more often than not, the threat of having sensitive data released outweighs the threat of being locked out of systems. Therefore, some attackers now skip ransomware deployment altogether and only steal data, demanding a ransom for it.
Database encryption is the most effective solution against data theft. Although encryption does not prevent data exfiltration, an attacker who holds only encrypted data has no leverage over the victim.
D’Amo is a database encryption solution that applies encryption technology optimized for the given circumstances. It can encrypt data at the application layer, the system layer, and the network layer, without impacting server performance and database search. Provided with secure key management tools, D’Amo users are fully protected from data leaks and data compromise.
Web applications are another common entry point for ransomware operators. Many network intrusions enter through the application layer by exploiting web vulnerabilities like SQL injection and security misconfigurations. This makes web application security and vulnerability management another crucial facet in ransomware prevention.
WAPPLES is a logic-based web application firewall (WAF) that effectively prevents intrusions from entering through the application layer. WAPPLES protects web applications from all types of vulnerabilities including the OWASP Top 10, while its AI-based COCEP (Contents Classification and Evaluation Processing) detection engine uses rules to identify changing attack patterns and zero-day attacks. With self-diagnostics and periodic inspections, WAPPLES users enjoy continuous updates and support, achieving the long-term management of web vulnerabilities.
Besides the above solutions, organizations should conduct periodic cybersecurity awareness training to ensure every employee has a good understanding of ransomware threats and can stay alert at an individual level. A backup copy of data crucial to operations should also be saved on an isolated network.
At Penta Security, we continuously study and analyze new threats and attack patterns to improve our solutions in response to the latest threats. Despite an ever-evolving ransomware scene, our customers always enjoy up-to-date protection at multiple entry points.