Are You Ready for Ransomware?

By Expedient

Ransomware attacks have become so common that it’s no longer a matter of how many cyberattacks happen per day — that metric is now measured in seconds. A new ransomware attack will happen every 11 seconds this year. The number of attacks in Q3 alone was 148% higher than the same period last year. 

Making matters worse, in the past five years, the average ransom demand has shot up from $15,000 to $175,000 – an almost 12-fold increase. 

To get an idea of how devastating a ransomware attack can be, consider what happened to Expedient client National Auto Care in October of last year. At 6:30 on a Friday morning, employees started noticing the network was not accessible. An hour later, the first help desk ticket was submitted. At 8:28, it was confirmed that there had been a ransomware attack and by 8:30, a call had been placed to the FBI and the affected servers were shut down, effectively paralyzing the organization. 

Fortunately, National Auto Care was prepared for such an incident. They had daily backups and a plan in place for executing a disaster recovery that was tested and reliable. In under 48 hours, they were back up and running. 

Mitigating Risks and Putting a Plan Together 

So, what can be done? How can you best prepare and mitigate the risks of a ransomware attack? A modern behavioral-based detection and response solution is a good place to start. If ransomware can’t get its foot in the door, it can’t take hold of your business. We approach it in three steps: Protect, Detect, and Recover. 

Protect Your Data 

Protect your critical information with an airtight data protection strategy that includes inexpensive, immutable backups, which secure data by making it unchangeable. Additionally, properly controlling access to applications through a robust identity and access management policy and solution further reduces the chances of an initial infection. These areas of focus share a common goal – explicitly grant access to known good entities (i.e., code execution, network paths or access policies) and block everything else by default.

Detect Unauthorized Access 

Mitigate unauthorized access to your environment via role-based access controls and 2-Factor Authentication. If an attack does reach your systems, employ micro-segmentation to prevent the ransomware from spreading. A solution like Expedient Security CTRL, our suite of managed security services, will ensure both user authentication and firewalling between each server, enabling massively scalable and policy-driven access control.

Recover Faster 

Protecting your infrastructure against attack, even when approached from multiple angles as discussed above, still cannot guarantee malware won’t find its way into your business. For this reason, it is also critical to have a backup and Disaster Recovery (DR) plan in place. Whether a single server or your entire infrastructure becomes compromised, you can be prepared to recover – quickly, efficiently, and with a known outcome. Leverage disaster recovery as a service from a provider who offers modern, sophisticated technology, fast recovery point and recovery times, and experts who have developed the muscle memory required to respond calmly, thoughtfully and comprehensively during a ransomware attack. Push Button Disaster Recovery (PBDR) from Expedient is a fully managed service offering rapid failover between disparate locations without IP or DNS changes. 

If you’ve read this far, it’s probably taken you 3 or 4 minutes. Or, roughly, 20 new ransomware attacks. Now’s the time to shore up defenses to protect, detect, and recover from those attacks. They’re not stopping any time soon.