News headlines in recent months have made it clear that ransomware is not just another urban horror story, as it has become the most frightening threat to companies in Latin America. Kaspersky figures reveal that ransomware gangs are stalking their victims to deliver a devastating blow: between July 2022 and July 2023, the company blocked 1.15 million attempted ransomware attacks in the region, equivalent to 2 blocks per minute.
For the most part, these types of attacks follow a fairly common methodology: an employee takes the bait of social engineering tactics and opens a malicious email attachment. Or, attackers gain access to a company’s systems by obtaining their credentials and passwords through leaks, using brute force techniques, or purchasing this initial access data on the Dark Web. Another attack vector that cybercriminals commonly take advantage of are vulnerabilities in programs or apps since, if they are not patched, they allow them to infiltrate a corporate network.
Unfortunately, this nightmare materializes daily, leaving new victims in public and private institutions, regardless of their industry or size. The attacks are increasingly terrifying because they no longer only consist of hijacking companies’ equipment and infrastructure, thus paralyzing their operations, but also of stealing customer and employee data, intellectual property, and confidential information and then extorting them for a ransom for their money. release and/or prevent its publication.
So that companies do not fall asleep in the face of this threat, Kaspersky has compiled guides so that both SMEs and large companies can get rid of this nightmare.
Know what the possible failures are in your systems, network and structure
You can perform an internal audit or evaluate external security diagnostic services, such as phishing simulations or digital risk reports on the attack vectors associated with an organization’s entire digital footprint.
Assess your employees’ knowledge
Ensure that the security team has the information necessary to evaluate defenses against ransomware and can plan incident response actions that prevent an incident from being successful. If you do not have specialized knowledge, there are training courses available. Also evaluate whether employees generally have the basic knowledge to avoid becoming victims of scams. One click can allow the criminal to access the network. Additionally, a security training routine must be maintained for all employees, adapting modules to specific needs.
Regularly check that your defenses are working at an optimal level
Today, there are several technologies that allow you to act proactively to prevent an attack, for example:
-Threat intelligence reports with information on the discovery, modus operandi and ways to identify each new ransomware on corporate infrastructure.
-EDR technologies that offer advanced detection of malicious activities.
-Ongoing attack discovery services, which perform an in-depth review of systems, network and equipment to assess weaknesses in corporate defense. This diagnosis can be performed annually or whenever malicious activity is suspected.
-Analyze comparative tests or perform an internal analysis to guarantee real protection. The AV-Test laboratory has recently published a specific report on protection against ransomware.
-Check backups regularly. It is common for companies to generate backup copies and, at the next moment of the process, the file is intact. Unfortunately, errors are common and a defective copy may exist. Ensure files are OK to allow quick resumption of operations.