The prevalence of ransomware is growing due in part to the rise of ransomware-as-a-service and increasing cyber ransom demands -- many of which get paid, according to "The 2021 Ransomware Survey Report" from Fortinet.
Key takeaways from the report include:
- Ransomware attacks increased 1,070 percent between July 2020 and June of 2021.
- 94 percent of business leaders said they are concerned about ransomware, and 85 percent are more worried about a ransomware attack than other cyber threats.
- Respondents in Latin America (98 percent), Asia-Pacific/Japan (98 percent) and EMEA (95 percent) were more concerned about ransomware attacks than their peers in North America (92 percent).
- 72 percent have a cyber ransom policy in place, and 49 percent stated they would pay a ransom outright.
- 67 percent said they have been targeted by ransomware attacks.
In addition, the report indicated that 84 percent of organizations have an incident response plan in place for ransomware attacks. It also showed that organizations include the following components in their incident response plans:
- Employee cyber training (61 percent)
- Risk assessment plan (60 percent)
- Offline backups (58 percent)
- Cybersecurity/ransomware insurance (57 percent)
- Network segmentation (48 percent)
- Business continuity measures (41 percent)
- Remediation plan (39 percent)
- Forensics abilities (34 percent)
- Incident response vendor on retainer (34 percent)
- Ransom payment guidance (33 percent)
- Testing of ransomware recovery methods, technologies and policies (28 percent)
- Red or blue team exercises (13 percent)
Today's ransomware attacks are "ubiquitous," Fortinet noted. However, organizations can take measures to guard against these attacks before they cause long-lasting damage.
Tips to Protect Against Ransomware Attacks
To mitigate the risk of ransomware attacks, the FBI and CISA say MSSPs and MSPs should take these seven steps:
- require multi-factor authentication (MFA);
- implement network segmentation;
- scan for vulnerabilities and keep software updated;
- remove unnecessary applications and apply controls — and be sure to investigate any unauthorized software, particularly remote desktop or remote monitoring and management software;
- implement endpoint detection and response tools;
- limit access to resources over the network, especially by restricting RDP; and
- secure user accounts.
How MSPs and MSSPs Can Respond to and Recover From Ransomware Attacks
If a ransomware incident occurs, CISA, the FBI and the NSA recommend the following four actions:
- Follow the Ransomware Response Checklist on p. 11 of the CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide.
- Scan your backups. If possible, scan your backup data with an antivirus program to check that it is free of malware.
- Report incidents immediately to CISA at https://us-cert.cisa.gov/report, a local FBI Field Office, or U.S. Secret Service Field Office.
- Apply incident response best practices found in the joint Advisory, Technical Approaches to Uncovering and Remediating Malicious Activity, developed by CISA and the cybersecurity authorities of Australia, Canada, New Zealand, and the United Kingdom.