Post-infection Remediation Needed to Combat Ransomware Attacks

In 2022, ransomware cost organizations an estimated $20 billion despite the number of attacks going down overall. Ninety percent of organizations reported ransomware attacks, according to new SpyCloud research, illustrating the grim reality that ransomware is a commonplace concern in today’s security landscape.

Unfortunately, organizations can expect threats from cybercriminals to become more sophisticated in 2023. “I think in [2023], we will see even more professionalization and division of labor within these underground groups than we have already seen,” said CW Walker, director of security product strategy at SpyCloud. “We may see new criminal industries grow to support ransomware syndicates, such as what we've seen with initial access brokers.”

As attackers become more organized, so must IT leaders, Walker said.

Include Post-infection Remediation in Ransomware Defense

The most dangerous mistake that organizations make is to fail to properly remediate infections. Failure to do so leaves entry points for future attacks via corrupted systems.

Responding to an attack by simply wiping a device is not enough. Even if wiping a device cuts an attacker’s access to the device in the short term, it does not address credentials, cookies, or other data that criminals have accessed. If attackers can access an organization’s systems, they can deploy infostealer malware such as Raccoon or RedLine Stealer, which procures data needed to carry out future attacks.

Related:Ransomware Defense a Top 2022 Cybersecurity Trend, Challenge

Post-infection remediation approach is a critical part of fighting ransomware threats. “Post-infection remediation requires organizations to proactively scan the darknet for malware-exposed assets and credentials to give security teams more complete visibility into their attack surface,” Walker said of the process. “Acting on the information gained from monitoring the criminal underground, security teams can properly remediate all entry points – including exposed users, applications, and devices.”

Remote working poses an ongoing challenge in this regard. Many remote employees access company data on unsecured devices, which might house an organization's credentials or other sensitive information. Since employees’ personal devices are often unaccounted for when surveying a business’s IT infrastructure, it can become difficult to understand an attack surface.    

As is often the case with cybersecurity, organizations must combat threats with vigilance and a companywide dedication to security best practices.