Preparing for Post-Intrusion Ransomware

Since 2015, Secureworks® Counter Threat Unit™ (CTU) researchers have observed a massive increase in the number and impact of post-intrusion ransomware incidents. In these attacks, a threat actor gains initial access to a network, moves laterally to other systems and networks, locates the critical business assets, and then chooses a time (which could be days or months after initial access) to deploy ransomware that encrypts the victim's files. Around the end of 2019, criminals realized they could gain additional leverage by stealing data before encrypting it and then threatening the victim with public disclosure if the ransom is not paid.


Offline backups are important, but they do not address increasingly aggressive attacks or 'name-and-shame' tactics: a backup restores encrypted files, it does not recover data that has already been stolen. Even with backups, recovery will likely take weeks or months, not days. Preventing network breaches before they can be used to deploy ransomware is the best solution. If prevention fails, it is important to quickly detect and respond to the threat before the actor reaches the deployment stage.


Secureworks incident responders have helped many organizations recover from post-intrusion ransomware attacks when detection and containment were unsuccessful. The path to recovery can be long and painful, and leave leadership and staff vowing to “never let this happen again.” The disruption caused by the attack leads the organization to prioritize cybersecurity and allocate resources to prevent history from repeating. Organizations typically follow one of two approaches at this critical decision point.


The first approach is to invest heavily in new technology. It can be tempting to buy a shiny box or service based on promises that it can be seamlessly integrated and offer immediate protection. Vendors are quick to claim near-flawless detection accuracy in the lab, where demonstrations show how ransomware is magically blocked from executing.


But the reality is that network defense is hard, and a new product will not make that problem go aw ..
