Blog WatchGuard

Ransomware is relentless: what can you do to protect against it?

Not only is ransomware on the rise, but this type of malware is also growing more sophisticated and professionalized, which is a cause for concern for both organizations and users.  

A recent study detected more than 500 data breach-related cases, which is 150% up on the same month in 2022. This hike may be due to several factors, but the main reason is that malware has grown more sophisticated. Ransomware can adopt different styles and forms nowadays, with the aim of finding loopholes and breaking into security systems rapidly. Its ability to diversify and act immediately means it’s becoming harder and harder to mitigate its effects. According to our Internet Security Report, in Q2 of this year, despite reporting a 21% decrease in endpoint attacks, there has been a spike in other more sophisticated malware models such as Cl0p, SpyEye, and Zbot.  

We know a range of different ransomware groups are launching more frequent threats. Several cybercriminal groups have recently leveraged ransomware that targets VMWare ESXi servers (hypervisor for deploying virtual computers). For example, the threat actors behind ESXiArgs ransomware automated their attacks on these systems, and the Dark Angels Team has caught the attention of researchers as they used an ESXi encryptor by the Ragnar Locker ransomware group with their attack on Johnson Controls. Interestingly, most ESXi ransomware encryptors borrowed code from the Babuk ransomware, which leaked a few years ago. This spate of attacks illustrates how today’s ransomware syndicates are adapting to evade the defenses implemented by organizations.  

Another trend is the increase in cases where hackers skip file encryption and only steal data. More and more ransomware gangs are threatening to leak sensitive data, which raises the stakes through the menace of double extortion. Analysis shows 72% growth in this type of attack following the emergence of 13 new cybercrime syndicates focusing on this type of attack.  

What can we do to protect ourselves from ransomware? 

Prevention is one of the most effective ways to protect ourselves against ransomware attacks. Here are some basic precautions you should take:  

  • Implement email security measures: email is one of the main entry points for ransomware. Deploying a reliable threat detection system is a good start to protect systems.  
  • Decrypt traffic at the network perimeter: we recommend decrypting traffic due to the growth in the distribution of malware through encrypted channels. 
  • Backups: Backing up systems and data on different servers and networks regularly helps combat double extortion attacks. Backups stored on a separate network or offline prevent encrypted malware from destroying security backups in the event of an attack on the original system. 
  • Keep software up to date: according to our ISR, most attacks target outdated systems. Ensuring all cybersecurity systems are up to date is critical to avoid gaps in cybersecurity protocols. 
  • Train your employees: the responsibility for effective attack prevention often lies with users; techniques such as phishing are targeted exclusively at this group. Employees need to know how to recognize and protect themselves against potential attacks through interactive and practical training. 
  • Identify your areas of Internet exposure and related risks: monitoring network ports and the potential for data exposure to threat actors is a priority. 
  • Deploy zero-trust technology: this is essential to strengthening endpoint security as zero trust creates policy-based controls to ensure secure access while considering potential security breaches. Adopting this posture is crucial for all cybersecurity systems today. 

In short, there are many ways to ward off ransomware attacks. Adopting an approach that unifies diverse cybersecurity solutions helps you achieve comprehensive and real protection. For instance, XDR technology enables organizations to consolidate and unify their cybersecurity protocols through data collection and monitoring potential threats. XDR is also an effective tool to defend endpoints against network exposure, which causes 3% of attacks, according to our data. Deploying this technology helps you prevent security breaches and shield your devices.