Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More

Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More

Services
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Security
Unlock the full power of Microsoft Security
Offensive Security
Solutions to maximize your security ROI
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

Ransomware Readiness: 10 Steps Every Organization Must Take

At the end of every year, the Trustwave content team asks its in-house experts what cybersecurity topics they predict will be top of mind in the coming 12 months, and inevitably the top answer is more ransomware.

Instead of waiting an extra couple of months, we thought why not get ahead of the curve, pretend that ransomware will again be an issue, because it will, and proceed to the part of the story where we go through the problem and mitigation methods.

Recent research compiled by Trustwave SpiderLabs from several sources was the basis for the chart below that graphically displays which ransomware threat groups are most active. The team’s work revealed Clop, Lockbits 2.0 and 3.0, Conti, and ALPHV are the most active when it comes to spreading ransomware.

Raw data taken from ransomlook.io and ecrime.ch. Analysis done by Trustwave SpiderLabs.
Raw data taken from ransomlook.io and ecrime.ch. Analysis done by Trustwave SpiderLabs.

Microsoft, which partners with Trustwave on a variety of solutions designed to help organizations unlock the full potential of Microsoft Security under its Microsoft 365 enterprise plans, noted in its latest report a 2.75X increase year over year in human-operated ransomware attacks on its customer base.

Trustwave and Microsoft have noted that social engineered email, SMS and voice-based phishing attacks, along with identity compromise, exploiting known vulnerabilities and running unpatched operating systems were the primary methods threat actors used to gain an initial foothold.

The reason behind this activity is obvious. Big bucks.

According to several sources, the attackers have made about $3.75 billion over the last five years, with this number ramping up with $1.1 billion being illegally garnered in just 2023. These billions of stolen dollars equate to each attack costing the victim about $5 million, with a mean time to identify an issue of 211 days and mean time to contain of 73 days. US-based targets received 48% of all ransomware attacks, followed by the EU, 19%, UK, 12%, and Australia 2%.

These numbers are intimidating, but the silver lining is every organization has the ability to take the steps necessary to harden itself against a ransomware attack.

 

Be Fundamentally Sound

  1. Know Your Assets and Manage Vulnerabilities: Understand your critical systems, their dependencies, and who is responsible for them. Identify, manage, and communicate known vulnerabilities and weaknesses to develop effective remediation plans. Assets can be assessed using a managed vulnerability scanning solution, which will help prioritize protection and recovery of business-critical assets to minimize disruption.
  2. Foster a Cyber-Conscious Culture: Promote a security-aware culture through training, awareness programs, and designating cyber champions. Include security in performance objectives.
  3. Develop Robust Plans: Create documented incident response, business continuity, and backup plans. Regularly review and update these plans to reflect changes in your organization.

 

Testing and Evaluation

  1. Test Your Plans: Regularly test incident response and business continuity plans in simulated environments to identify and address weaknesses.
  2. Conduct Proactive Testing: Use penetration testing and Red/Purple team exercises identify vulnerabilities and assess data exposure.
  3. Collaborate: Conduct tabletop exercises to train staff on incident response procedures and ensure effective collaboration with external suppliers.
  4. Consider Data Privacy: Understand relevant data privacy laws and be prepared to address potential breaches.

 

Collaboration and Preparedness

  1. Collaborate with Suppliers: Work with external suppliers to understand how and when to engage them during an incident.
  2. Train Employees: Provide comprehensive training and awareness programs that focus on prevention, detection, and response.
  3. Prepare for Data Breaches: Understand the potential impact of data breaches on your organization and have a plan in place to address legal and regulatory requirements.

Step 10 needs to be fleshed out a bit. All conversations on ransomware prevention and preparedness must include information on what to do if the unthinkable happens and your organization is successfully attacked.

It is all about the speed of detection and speed of response. As noted above, the average MTTI and MTTC can be quite long, which means the faster an organization can mitigate an incident, the better. Organizations that partner with managed security service providers can ensure there are always eyes on the environment. Adversaries can attack any system at any time of day.

It's also important that organizations have an incident response retainer. We've seen organizations who recognize that they have been attacked but never switch to partner organizations that can help respond to the attack. Meanwhile, the attacker gains more and more information and sensitive data from the network.

 

The Role Trustwave Plays to Keep Organization’s Safe

Trustwave offers comprehensive support for dealing with ransomware attacks through several key services:

  1. Ransomware Preparedness Service: This service helps organizations assess their current defenses and readiness to handle ransomware threats. It includes evaluating critical lines of defense, such as security controls, detection capabilities, and response strategies.
  2. Digital Forensics and Incident Response: Trustwave’s incident response team can quickly mobilize to contain and mitigate the impact of a ransomware attack. This team provides detailed analysis of the attack, including how the threat actors infiltrated the system and the techniques they used.
  3. Advanced Threat Hunting and Intelligence: Trustwave’s threat hunters proactively search for signs of malicious activity within your network. This helps in identifying and neutralizing threats before they can cause significant damage.
  4. Layered Email Security: Ninety percent of data breaches occur due to an email-based phishing attack, so it’s imperative to have a layered approach in place. The combination of Trustwave MailMarshal and Microsoft 365 Email delivers unprecedented protection.
  5. Post-Attack Recovery: After an attack, Trustwave assists with recovery efforts, including malware eradication, system restoration, and strengthening defenses to prevent future incidents.

These services collectively ensure that organizations are not only prepared to handle ransomware attacks but also equipped to recover swiftly and strengthen their security posture for the future.

By implementing these strategies, organizations can build a strong cybersecurity foundation and significantly reduce their risk of falling victim to ransomware attacks.

ABOUT TRUSTWAVE

Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.

Latest Intelligence

Discover how our specialists can tailor a security program to fit the needs of
your organization.

Request a Demo