The group brought up a few statistics to start the discussion—namely, that six out of ten malware attacks these days are specifically ransomware-based. Furthermore, the cost for resolving a ransomware attack has gone from a rough $200-$225 at the outset to over $1,000 per incident, which really indicates that ransomware is no longer an end-user issue—it is a corporate issue. The group spent a while deliberating on ways to tackle and solve ransomware, but inevitably agreed that it truly is still a massive struggle. One of the best options to preventing ransomware and mitigating its damage is general security hygiene. Isolating the “crown jewels” of your equipment and system so you can maintain it; clearly separating client traffic from server traffic; educating the end-user on threat awareness; being judicious in sharing privileged access with clients; and so on.
Hudson also researched suggested methods of handling ransomware online, and common suggestions date back almost 20 years—indicating these basic steps are consistently sound foundations. Some of these methods were: train your staff on awareness; routinely update your software; be cautious with links embedded in emails; back up your data; and more. There may be no quick fix to ransomware within any industry, but there are basic, essential steps to take that can create some defenses around and within your organization.
Then the group discussed what the future holds for ransomware. Thus far, ransomware has been a scene of mostly isolated, individual attacks. This group, however, believes that coordinated barrage attacks will be the new challenge. Furthermore, ransomware does not seem to hone in on specific target, but fishes for susceptible companies and people. However, the group thinks that the next evolution in ransomware will lead to more direct, targeted attacks on major companies, or even specific executives within an organization that would provide the most profit if they’re successfully attacked. There is a lot on the horizon for growth with ransomware, but with basic hygiene and continued efforts and collaboration, security teams can continue to hold them off and, hopefully, conquer them entirely.