While ransomware attacks on consumers have declined, the enterprise experienced a 300% increase in such attacks over the past year. This is according to a recent report, which also found that the number of ransomware detections rose by 195% from Q4 2018 to Q1 2019.
The state of ransomware attacks
In comparison to the same time last year, business detections of ransomware have risen by over 500%. This is predominantly due to a huge attack by the Troldesh ransomware against US organisations in early Q1.
Meanwhile, consumer detections of ransomware have proceeded to decrease by 10% quarter over quarter and 33% year over year. This is despite activity from families such as GandCrab, which targeted consumers over the last quarter as it "switched to a ransomware-as-a-service and began brute-forcing RDP to infiltrate systems."
This month, the US Conference of Mayors passed a resolution urging mayors to oppose payment demanded by ransomware attackers. At least 170 county, city or state government systems have experienced a ransomware attack since 2013, 22 of which occurred this year.
Protecting your organisation against ransomware
As a whitepaper from Ivanti observes, hackers often spread ransomware using phishing or spam emails. First and foremost, prevention is critical to combatting ransomware as "once the ransomware is running, it's too late."
The FBI suggests nine prevention steps, the first of which entails patching the critical operating systems and applications. Next, enterprises must ensure that antivirus software is up-to-date and schedule regular scans.
Minimising privileges is also an important tactic when it comes to defending against many types of ransomware. In addition to this, it is vital that companies implement access control that focuses on data protection.
It is then necessary to define, implement, and enforce rules that govern how other software behaves to block illegitimate activities. Disabling macros from Office files will also stop many types of malware, including ransomware.
By implementing application whitelisting, this ensures that only known applications designated as trusted can run on any endpoint. It is also useful to restrict users to virtualised or containerised environments so that any ransomware that gains access to a user’s system is unable to harm the user’s primary work environment.
Finally, it is absolutely vital that enterprises back up critical files frequently in order to ensure business continuity. In order to address these nine crucial measures, Ivanti has developed solutions that manage and safeguard any endpoint, which ultimately enable organisations to protect themselves against ransomware.
How does the UK perceive new cybersecurity solutions? Check out our podcast with Dr Jessica Barker, co-Founder and Socio-Technical Lead at Cygenta, to find out
