Ransomware – 30 ways to protect your company against 10 most frequently used attack methods

Read more

With each passing year number of ransomware attacks grows and companies cannot secure themselves against them because they often lack the resources or expertise to do so effectively.  

According to data from the US Justice Department, ransomware attacks have increased by over 300% between 2021 and 2022, due to the increasing prevalence of connected devices, which provides hackers with more potential targets.  

Additionally, ransomware deployment technologies have become increasingly sophisticated and easier to use, making it easier for criminals to launch attacks. 

Companies can be also vulnerable to attack if their cybersecurity software is outdated or not properly configured. Additionally, organizations are frequently targeted through phishing attacks and other social engineering techniques, which can result in malware or ransomware infiltrating their networks. 

According to a recent survey from Carbon Black, around 77% of companies reported experiencing at least one ransomware attack in the last year. Of the remaining 23% of companies, it is likely that some did not report a ransomware attack but likely experienced one. 

In this article we will analyze how your company can defend itself against 10 most frequently used ransomware attack methods.  

Ransomware – what is it and how does it work?

Ransomware - what it is and how it works examples

Ransomware is a type of malicious software (malware) that is designed to deny users access to their data until a ransom is paid. It works by encrypting the user’s data, so that it can no longer be accessed normally.  

To regain access, the user must pay a fee to the creator of the ransomware, who will then provide the decryption key needed to recover the encrypted data. 

Ransoms are typically paid via digital currency such as Bitcoin, which allows users to transfer funds anonymously and securely. Some ransomware operators also accept payments through credit cards, money transfers, prepaid cash cards, and other forms of online payment services. 

What are most frequently used ransomware attack methods?

What are most frequently used ransomware attack methods examples

Ransomware attack methods vary in terms of the way they are delivered, the payloads they deliver, and the end goal of the attack. Common delivery methods include phishing emails, malicious links and attachments, exploit kits, and malicious software. Payloads can range from malicious scripts that delete or encrypt files, to malicious programs that take control of systems or encrypt entire volumes of data. The end goal could be anything from extortion for a ransom payment to disruption of business operations or data leakage.

10 most frequently used ransomware attack methods with estimated amount of ransom in 2022: 

1. WannaCry ($4.1 billion)

2. Sodinokibi/REvil ($3.5 billion)

3. Maze ($3.2 billion)

4. NetWalker ($2.6 billion)

5. DoppelPaymer ($2.3 billion)

6. Dharma ($1.9 billion)

7. RagnarLocker ($1.6 billion)

8. Avaddon ($1.4 billion)

9. Sekhmet ($1.1 billion)

10. Conti ($900 million)

Why companies struggle to secure themselves against ransomware attacks? 

Why companies struggle to secure themselves against ransomware attacks examples

Companies cannot secure themselves properly against ransomware attacks because they often lack the resources or expertise to do so effectively and can be vulnerable to attack if their cybersecurity software is outdated or not properly configured.  

Additionally, organizations are frequently targeted through phishing attacks and other social engineering techniques, which can result in malware or ransomware infiltrating their networks. 

Below we have listed 7 most common reasons why companies are vulnerable to ransomware attacks: 

1. Weaknesses in authentication – weak authentication systems can be exploited by ransomware attacks, allowing malicious actors to access company networks and deploy ransomware.

2. Lack of employee training and awareness – all employees should be properly trained and aware of the risks posed by ransomware threats, but unfortunately many companies lack such initiatives.

3. Poor patching/update practices – companies should apply updates or patches regularly to ensure proper security measures and reduce the potential risk of being exposed to ransomware attacks.

4. Inadequate backup strategy – frequent backups are essential for avoiding data loss from ransomware, yet many organizations don’t have an effective backup strategy in place.

5. Unsecure remote access – unadequately secured remote access protocols and connections can be exploited easily by malicious actors who want to deploy ransomware.

6. Lack of endpoint security solutions – companies should invest in endpoint security solutions to prevent and detect malicious behavior before ransomware can be deployed.

7. Absence of perimeter protection – solutions such as firewalls and anti-virus software can help protect your company against malicious intent.

Eliminating those most frequent vulnerabilities can drastically reduce risk of sucessfull ransomware attack on your company.  

Below you will find some more examples on how you can protect your company and data. 

How companies can secure themselves against ransomware attacks? 

How companies can secure themselves against ransomware attacks examples

Securing a company from ransomware attacks starts with a multi-layered approach, beginning with basic cyber hygiene which includes user training, malware and virus protection, updating software regularly, patching operating systems and applications, implementing access control protocols and encryption, and monitoring networks.  

Other measures to consider include having an incident response plan in place, leveraging cloud-based backups or disaster recovery services, and regularly testing and evaluating the effectiveness of your security measures. 

Below you will find of 30 things you should do to protect your company against ransomware: 

1. Update / patch operating systems, software, and firmware on all devices regularly.

2. Use technologies like firewalls, intrusion detection systems, and malware protection.

3. Block incoming connections from countries where ransomware is prevalent.

4. Implement end-user education and training programs.

5. Use role-based user access control.

6. Enable disk encryption on laptops and mobile devices.

7. Restrict administrative privileges to only essential personnel.

8. Implement application whitelisting and blacklisting.

9. Harden Remote Desktop Protocol (RDP) connections and disable it when it’s not required

10. Monitor systems for anomalies and suspicious activity.

11. Isolate sensitive systems from the Internet.

12. Test disaster recovery plans on a regular basis.

13. Perform regular backups of all important data and store them in a secure, off-site location.

14. Use multi-factor authentication solutions for high-value accounts and privileged users.

15. Monitor networks for suspicious activities and set up alerts for any unusual activities.

16. Keep antivirus software updated and conduct regular scans.

17. Harden all internet facing services such as web servers, email servers, etc.

18. Configure firewalls to block access to known malicious IP addresses.

19. Restrict access to external storage devices such as USB drives.

20. Limit unnecessary external internet access such as online gaming or streaming services.

21. Utilize application sandboxing solutions for high-risk environments.

22. Use encryption for sensitive data both at rest and in transit.

23. Place secure restrictions on all incoming executable files.

24. Implement a strict password policy across all user accounts.

25. Schedule regular vulnerability and penetration testing.

26. Implement Network Segmentation to compartmentalize systems from those hosting sensitive data.

27. Use cloud security services, such as encrypted connections, to protect data in the cloud.

28. Disable macros in Office documents and review emails with attached files.

29. Send regular security awareness emails and newsletters to employees.

30. Regularly audit system vulnerabilities and respond quickly to any findings.

SOFTIQ offer of security audits and penetration testing for your company

offer of security audits and penetration testing for your company

What is characteristic to the security audit of IT systems, offered by SOFTIQ?

Our security audit is a comprehensive analysis of the degree of protection of IT systems and sensitive data of the company, conducted on the basis of an environmental interview, as well as collected materials, including, among others, security policies and procedures, network diagrams and systems documentation. 

Security audit conducted by our experienced team allows us to:

  • Identify vulnerabilities in system security,
  • Detect potential threats and determine their impact,
  • Prepare an action plan for various emergencies.

The effect of the IT systems security audit offered by SOFTIQ is a detailed report, describing the detected threats, their significance and ways to remove them. 

Our security audit of the IT systems is divided into 3 stages:

1. Planning – we get to know the specifics of the company, we select a team of skilled auditors, based on their competences, and we develop an audit plan. 

2. Auditing – we collect and analyze information about the procedures used in the company; we verify the actions taken by specialists dealing with IT security in the company; we gain access to the systems and their documentation; we conduct interviews, perform vulnerability scans and compile the results for evaluation. 

3. Reporting – we describe the level of security found, list and characterize the detected threats, provide recommendations along with the deadline for their implementation and justification for the need to implement them. 

In addition to standard security audits of IT systems, which include automatic vulnerability scans, we have also prepared a penetration testing (pentests) service for our Clients. 

What are penetration tests and what are the benefits of conducting them?

Penetration tests are an attempt by our specialists to break the security of the systems or infrastructure elements indicated by you. 

Thanks to the tests carried out by an experienced, external team, you gain knowledge about the real level of protection of confidential data in your company. 

The purpose of the tests may be defined before they start, as well as may be the result of our initial audit. 

Depending on the amount of information about systems that will be the target of our specialists, penetration tests can be carried out according to different scenarios, called “white box”, “gray box” or “black box”. 

offer of security audits and penetration testing for company

Feel free to read our other articles
and download useful materials!

Learn how to keep your IT project budget in check and avoid major mistakes.

Learn the advantages and disadvantages of staff augmentation and find out how much you can save by outsourcing specialists.

Check out the advantages of dedicated software and learn what benefits it can bring to your company.

This post is also available in: Polski (Polish)