Fortinet’s FortiGuard Labs summarizes the state of ransomware settlements


It’s painfully obvious at this point that ransomware is growing in popularity. Fortinet’s FortiGuard Labs team found that in the first half of 2022 alone, the number of new ransomware variants doubled compared to the previous half. It’s no wonder that more and more companies are turning to cyber insurance to cover their losses when faced with a ransomware settlement.

This is an option – but think of it as a parachute for your parachute; it does not replace all other safety precautions. Cyber insurance can also be a double-edged sword. It is gaining popularity and usually compensates for losses caused by hacking and data theft, extortion and destruction. Since it sometimes covers ransomware costs, it seems like a reasonable way to counter this threat.

But cyber insurance is far from the panacea many companies were hoping for, as hackers know full well that organizations with insurance are more likely to pay a ransomware settlement. Let’s consider additional options to mitigate the ransomware threat.

Increase in ransomware and evolution of methodology

Hackers are experimenting with new attack vectors associated with known exploits and are executing them with increasing frequency. Attackers continue to introduce new strains of ransomware, and update, improve, and reuse existing ones, making them more sophisticated and aggressive. FortiGuard Labs researchers found 10,666 ransomware variants in the first six months of this year; in the previous period there were only 5,400.

The increasing popularity of ransomware-as-a-service (RaaS) on the dark web is largely responsible for the phenomenal rise in ransomware. To make a quick buck, cyber criminals buy plug-and-play ransomware and use subscription-based services.

The state of cyber insurance and billing

While insurance that pays a claim is beneficial, anecdotal evidence suggests that some organizations, particularly local governments with minimal cybersecurity capabilities, are being selectively targeted for having insurance.

Cybercriminals take the time to do their research. Attackers requesting a ransomware settlement want to know if you have insurance, because they know they are more likely to get paid if you do. Whether or not a business is insured is factored into criminals’ playbooks, and data from a ransomware survey shows that certain organizations are often targeted, particularly when they pay.

Defeat the need for ransomware settlements with this checklist

It goes without saying that effective ransomware detection requires both technology and training. While you probably already have your list of techniques, here is a checklist of additional areas to consider when it comes to detecting and stopping ransomware attacks.

Use subterfuge to lure – and repel – attackers: A honeypot is a trick that uses fake file repositories designed to resemble desirable targets for attackers. A ransomware hacker targeting your honeypot can be found and stopped. Such cyber deception technology not only leverages the ransomware’s own methods and strategies to trigger detection, but also reveals the attacker’s tactics, tools and procedures (TTP) that enabled them to successfully infiltrate the network. With this information, your team can find and fix security vulnerabilities.
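The decoy-file idea above, sketched as an added example (not from the original article or from Fortinet): it plants fake files, records their hashes, and reports any decoy that is changed, missing, or joined by an unexpected file. The decoy names, their contents and the `.locked` rename are constructed for illustration.

```python
import hashlib
import os
import tempfile

# Decoy paths and contents are constructed for this example.
DECOYS = {
    "Finance/2022_payroll_export.xlsx": b"constructed decoy A",
    "HR/passwords_backup.txt": b"constructed decoy B",
}

def plant_decoys(root):
    """Write the decoys under root; return baseline {relative path: sha256}."""
    baseline = {}
    for rel, content in DECOYS.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)
        baseline[rel] = hashlib.sha256(content).hexdigest()
    return baseline

def check_decoys(root, baseline):
    """Return (path, reason) findings; no legitimate user touches a decoy,
    so every finding is worth an alert."""
    findings = []
    for rel, expected in sorted(baseline.items()):
        path = os.path.join(root, rel)
        if not os.path.isfile(path):
            findings.append((rel, "missing"))  # deleted or renamed
            continue
        with open(path, "rb") as fh:
            if hashlib.sha256(fh.read()).hexdigest() != expected:
                findings.append((rel, "modified"))
    for dirpath, _, files in os.walk(root):  # files that appeared beside decoys
        for name in sorted(files):
            rel = os.path.relpath(os.path.join(dirpath, name), root).replace(os.sep, "/")
            if rel not in baseline:
                findings.append((rel, "unexpected"))
    return findings

def demo():
    """Plant decoys in a temp dir, check, apply constructed tampering, re-check."""
    with tempfile.TemporaryDirectory() as root:
        baseline = plant_decoys(root)
        clean = check_decoys(root, baseline)
        with open(os.path.join(root, "HR/passwords_backup.txt"), "wb") as fh:
            fh.write(b"overwritten")  # content change
        src = os.path.join(root, "Finance/2022_payroll_export.xlsx")
        os.rename(src, src + ".locked")  # rename with a constructed extension
        return clean, check_decoys(root, baseline)
```

Calling `demo()` returns the findings before and after the simulated tampering; in practice `check_decoys` would run on a schedule against decoys placed on real shares, with findings forwarded to the alerting pipeline.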

Monitor the network and endpoints: With continuous network monitoring, you can record inbound and outbound traffic, analyze files for signs of an attack (such as failed changes), baseline normal user behavior, and then investigate anomalies. Use anti-virus and anti-ransomware software to whitelist legitimate websites. Finally, adding behavior-based detections to your security toolkit is crucial, especially as attack surfaces grow and attackers up their game with new, more sophisticated attacks.

Train your employees on the characteristics of ransomware: Today’s workforce requires security awareness training that helps organizations protect against ever-evolving threats. Train your employees to recognize ransomware warning indicators, including emails that appear to be from reliable companies, dubious file attachments, and shady external links.

Add SOC-as-a-Service to your team as needed: Everyone has to work harder to stay on top given the intensity of the current threat environment, both in terms of speed and sophistication. However, that only gets you so far. Outsourcing some tasks, e.g. threat hunting and incident response, is a smarter way of working. Therefore, it can be beneficial to work with a managed detection and response (MDR) provider or SOC-as-a-service solution. By empowering your team in this way, you can reduce distractions and free your analysts to focus on their more important work.

Think outside the network: Consider looking outside your own network when assessing the dangers you face. A Digital Risk Protection (DRP) service can help an organization identify and mitigate three additional areas of risk as an extension of its security architecture: risks related to digital assets, risks related to brands, and risks related to hidden and immediate threats.

Proactively avoid ransomware settlements

With ransomware now a “when,” not an “if,” cyber insurance could be an increasingly attractive option for many businesses. But while the volume of ransomware is increasing, there are many technologies and processes that can help your team mitigate the risks of this growing threat. From ongoing cyber training to cutting-edge tools, you can defeat clever attackers and bypass the need for ransomware settlements.

Copyright © 2022 IDG Communications, Inc.

