Technical

by Chance Pearson, penetration tester at Packetlabs. Chance’s core competencies include penetration testing, software engineering and managing various endpoint security tools. Chance is a graduate of the University of Alberta’s Bachelor of Science – Computer Science program, where he gained technical knowledge in software programming.

Chance has experience in IT support, SIEM implementation, endpoint security operations, and automation.  

Ransomware has been one of the leading causes of cyber incidents in the last few years and is expected to keep growing in impact and cost over the following years. Ensuring your organization is equipped to handle ransomware attacks is becoming increasingly needed. Organizations often rely on Endpoint Detection and Response (EDR) or antivirus tools to protect against these attacks. However, while these tools can help against these attacks, organizations should only partially rely on them and ensure other actions are taken to provide the best security posture.

This is why the Packetlabs ransomware checklist was created to help organizations stop ransomware actors' various attack paths before they become an incident. The checklist is broken down based on the National Institute of Standards and Technology (NIST) Ransomware framework. Having the checklist broken down based on these frameworks ensures that organizations better protect themselves using a proven method that targets everything from People, Processes, and Technology.

Key Ransomware Statistics to Know

• The average ransomware payment is increasing by 82% year-over-year

• 81% of cybersecurity experts believe that sophisticated ransomware attacks are on the rise

• New variants of ransomware grew by 46% in 2019 alone

• Businesses fall victim to a ransomware attack every 14 seconds

• Ransomware has become one of the most popular forms of cyberattacks, growing 350% since 2018

• The average cost of a ransomware attack in 2023 is $1.85 million

• By 2031, a ransomware attack is predicted to happen every two seconds

• Ransomware accounts for 10% of all security breaches worldwide

• On average, ransomware-related breaches took 49 days longer than other types of breaches to identify and contain

• In the first half of 2022 alone, organizations worldwide saw 236.7 million ransomware cyberattacks

What Are The Benefits of a Ransomware Checklist?

From a technology standpoint, an organization can reduce the impact of a ransomware incident by ensuring that legacy items like LLMNR are disabled and only allowing required protocols to reduce how attackers can perform lateral movement. Additionally, the checklist takes it further to talk about removing backup servers of critical systems from the domain to add an extra layer of protection where these necessary backups would be protected if a domain were compromised. 

Processes should be updated regularly and when new tools are introduced to an organization. A good process will help ensure that systems are being patched regularly to mitigate against any known vulnerabilities and when new patches are available. This will organization reduce the attack surfaces that ransomware threat actors can target by ensuring systems are on the latest versions when feasible. 

As more and more cloud services are offered, ensuring vendors know your security expectations has become even more critical. The checklist includes that these tools are great for business but must be covered by your security processes. Ensuring vendors are discouraging ransomware attacks through contract language helps ensure that your security practices are extended to any third-party vendor. 

How the Checklist Interlinks People and Processes for Maximum Efficacy

People are one of the most essential parts of the checklist. Ensuring that regular awareness training is conducted helps reduce the risk of employees opening or clicking links from unknown sources. Additionally, by regularly working with employees, a company can foster security within the organization.

While the hope is that ransomware does not occur to the organization, the checklist also covers incident response when an attack occurs. A solid incident response plan that includes ransomware attacks is critical to ensure smooth processes and flows during an attack. Providing that employees can assemble a task force quickly to identify the attack path used can help minimize damages from an attack. Additionally, the employees need to know when and how to contact law enforcement if needed so that legal action can occur.

After an attack occurs, post-incident actions must occur. By doing a root cause analysis, businesses can ensure that paths attackers have taken are remediated to ensure it does not happen again. Part of this process should include having a lesson learned section that can be taken away to enhance processes or improve technologies for the future.

The checklist is a great way to get started on protecting your organization from ransomware. Additionally, Packetlabs offers 100% tester-driven ransomware penetration testing services that can assist in finding vulnerabilities within your organization from a technical aspect and conduct meetings with various stakeholders to ensure processes and procedures are set up for success with non-technical questioning.