Cyber Hygiene and Ransomware: Don’t be the Low Hanging Fruit

Date: December 6, 2023


Ransomware attack losses are estimated to reach $265 billion annually by 2031. The rapid growth of ransomware attacks has made this cyber threat a top concern for businesses and organizations worldwide.  

More than 2,300 organizations succumbed to ransomware attacks in just the first half of 2023, impacting organizations across every industry vertical.  

Attackers are getting more efficient at exploiting vulnerabilities, and this trend is likely to continue as threat actors automate aspects of their attack sequences.  

We see evidence of this automation in the hundreds of organizations that have been hit by just one ransomware group exploiting two patchable vulnerabilities in early 2023.

Basic cyber hygiene has never been more important than it is today in the face of a relentless onslaught of ransomware and data extortion attacks.

Takeaway: To preface, remember that a determined attacker with enough time and resources is going to be successful to some degree. That said, cyber hygiene is security 101 and is critically important to protecting organizations.  

The goal here is to raise the bar for the threat actor, where basic cyber hygiene can be the difference between being a victim of opportunity or remaining unscathed.

A simple analogy: imagine a thief walking through a parking lot at a crowded establishment, checking car doors to see if anyone left theirs unlocked. They move from car to car, leaving the locked cars unmolested until they find their target - the unlocked car.

And what if all the cars are locked? The thief, like the cybercriminal, now has to decide whether to escalate their efforts. If they break a window, they may set off an alarm, and there are people nearby who could hear. Their risk goes up significantly when the task of breaking into the car becomes more difficult.

Good cyber hygiene does not mean you won't be attacked, and it does not guarantee an attacker won't be successful, but it does mean your organization is not the "low hanging fruit" and an easy mark.

The more we can raise the bar for the attacker, forcing them to take greater risks, invest more resources, and take more time, the more likely they are to move on to the next potential target.

This is particularly true of ransomware attackers who - unlike threat actors in the espionage game - are very opportunistic and seek the biggest payout with the least resources committed.

Additionally, ransomware operators have become extremely adept at automating the exploitation of known vulnerabilities where a patch is already available.  

This is evident in the hundreds and potentially thousands of organizations that were victimized by Cl0p in the first half of 2023 due to their failure to patch the GoAnywhere and MOVEit file sharing software offerings.

Cyber hygiene is also extremely important for organizations with cyber insurance, as simple misconfigurations and unpatched software could put the organization out of compliance and render the policy moot.  

It is also extremely important for publicly traded companies, those in a heavily regulated industry vertical, and those who handle sensitive personal and financial information.

Organizations of every size need to implement a strong prevention and resilience strategy to defend against ransomware attacks, including:

  • Keep all software and operating systems up to date and patched
  • Ensure critical data is backed up offsite and protected from corruption in the case of a ransomware attack
  • Ensure all endpoints are protected with an EPP solution like next-generation anti-virus (NGAV) software and an anti-ransomware solution
  • Implement network segmentation and Zero Trust policies
  • Implement an employee awareness program to educate against risky behaviors, phishing techniques, etc.
  • Plan and prepare for failure by running regular tabletop exercises and ensuring all stakeholders are ready and available to respond to an attack at all times

Organizations require both a robust prevention and an agile resilience strategy to defend against this wave of ransomware attacks. This approach includes endpoint protection solutions, patch management, data backups, access controls, employee awareness training, and organizational procedure and resilience testing for all ransomware readiness plans to be successful.

Halcyon.ai is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.