The Fight against Ransomware: How to Detect and Deter?

Ransomware attacks are a significant threat to India’s Economy today, given rapid growth, Geopolitical scenario, and digitization, making it an attractive target for cybercriminals. India’s growing adoption of digital technologies, such as online banking and e-commerce, increases the number of potential targets for ransomware attackers. However, the most significant risk remains the need for more awareness about Cyber Security Threats such as Ransomware attacks, hence the limited preparedness of organizations to detect, deter, respond or mitigate them.

While large organizations, governments, and the public invest heavily in financial audits, IT General Controls, Risk Management, Compliance, Governance, Cyber Security Policy /Procedure development, upgradation, and basic vulnerability assessment, which is not enough to tackle and respond to Ransomware attacks.

Again there are Enterprise Businesses , Public sector institutions and mid-size businesses in India that need more cybersecurity resources and may need help to respond effectively to a ransomware attack. India also has a relatively high concentration of small and medium-sized businesses that may need more resources or expertise to protect themselves effectively against cyber-attacks.

Additionally, many organizations in India need more cybersecurity resources and may need help to respond effectively to a ransomware attack. This makes it easy for attackers to take advantage of them. Finally, the lack of cybersecurity regulations, laws, and awareness about cyber threats among the public and private sectors make it easy for attackers to target India.

Some techniques for an organization to safeguard include regularly updating software systems and OS to fix known vulnerabilities. Installing, and maintaining anti-malware solutions, rightly configuring IDS/IPS, implementing Web Application Firewall, and Network access controller (NAC).

Deploy Managed Detection and Response (MDR) Services, which cover threat hunting, monitoring, investigation, and response, could help companies deter ransomware attacks.

Educating and awareness of employees on safe online practices, understanding phishing, vishing, and social engineering attacks, and deploying Anti Phishing solutions can be helpful to safeguard the first line of cyber defense.

Deploying EDR Endpoint Detection and Response (EDR) services can be value-end-protecting endpoints. However, EDR should be distinct from MDR. EDR focuses on endpoint security where, whereas MDR is managed, Managed Detection and Response across IT. EDR is often built as part of MDR as Managed Service with Round-the-Clock Network Monitoring, Threat Detection and Response, and Threat Hunting Security Systems Management.

Both MDR and EDR offer their benefits to organizations. EDR is better suited for those looking to enhance their endpoint security. In contrast, MDR is a better option for those seeking a comprehensive IT management and security service to protect their business data.

Here are some best practices organization can follow to safeguard against Ransomware attacks :

1. Regularly backing up important data and storing the backups offline or in the cloud
2. Conducting regular security audits and vulnerability assessments
3. Implementing security tools like intrusion detection and prevention systems (IDPS)
4. Deploying endpoint protection solutions
5. Regularly monitoring network activity for suspicious behavior
6. Having an incident response plan in place and practicing it regularly

Cyber Threat Intelligence (CTI) can play a critical role in early detection of ransomware attacks by providing organizations with real-time visibility into the threat landscape and enabling them to identify and respond to emerging threats quickly. CTI also helps identify potential attackers and their tactics, techniques, and procedures (TTPs), which can be used to develop proactive defense strategies.

Cyber Threat Intelligence (CTI) can help early detect ransomware attacks by providing organizations with the necessary information to identify and mitigate potential threats before they can cause damage. CTI can provide organizations with information on known ransomware families, the tactics, techniques, and procedures (TTPs) used by ransomware groups, and indicators of compromise (IOCs) that can be used to detect an attack. Additionally, CTI can inform organizations about the latest vulnerabilities and exploit kits to spread ransomware and news on the most likely attack vectors to deliver malware. With this information, organizations can proactively implement security controls and monitoring mechanisms to detect and prevent ransomware attacks.

 - Kanishk Gaur is a renowned Cyber Security, Public Policy, Government Affairs Specialist, and Digital Technology Expert based out of New Delhi.