By Aamir Lakhani, Global Security strategist and researcher at Fortinet

If the growth of ransomware attacks in 2022 indicates what the future holds, security teams everywhere should expect to see this attack vector become even more popular in 2023. In just the first half of 2022, the number of new ransomware variants we identified increased by nearly 100% compared to the previous six-month period, with our FortiGuard Labs team documenting 10,666 new ransomware variants in 1H 2022 compared to just 5,400 in 2H 2021. This explosive growth in new ransomware variants is primarily thanks to more attackers taking advantage of Ransomware-as-a-Service (RaaS) subscriptions on the dark web.

However, even with the increase in ransomware variants, the techniques we see bad actors using to deliver ransomware remain largely the same. This predictability is good news because security teams have a reliable blueprint for protecting against these attacks. Here's a closer look at ransomware mitigation strategies and how you can implement these in your organization.

What is Ransomware?

Ransomware is malware that holds data hostage in exchange for a ransom. It threatens to publish, block, or corrupt data—or prevent a user from working on or accessing their computer unless they meet the attacker’s demands. Today, ransomware is often sent through phishing emails. These malicious attachments infect a user’s computer once opened. Ransomware can also be spread through drive-by downloading, which happens when a user visits a website that happens to be infected. The malware on that site is downloaded and installed without the user realizing it.

Social engineering often plays a role in a ransomware attack as well. This is when an attacker tries to manipulate someone into divulging confidential information. One common social engineering tactic is to send emails or text messages to scare the target into sharing sensitive information, opening a malicious file, or clicking on a malicious link.

What is Ransomware Mitigation?

Attempted attacks and data breaches are inevitable, and no organization wants to be forced to decide between paying a ransom and losing important data. Fortunately, those aren’t the only two options. The best path forward is to take appropriate steps to safeguard your networks, which will lessen the chances your enterprise will be hit with ransomware. This approach requires a layered security model that combines network, endpoint, edge, application, and data-centre controls, as well as updated threat intelligence. 

In addition to implementing the right security tools and processes, don’t forget the role cybersecurity education plays in your mitigation strategy. Teaching employees how to spot a ransomware attack—and educating them about strong cyber hygiene practices in general—is a great defence against clever attackers.

"Teach employees how to spot signs of ransomware, such as emails designed to look like they are from authentic businesses, suspicious external links, and questionable file attachments."

Understanding the Risks That Make Ransomware Mitigation Necessary

Look around any organization, and you'll likely find security “gaps” that increase the chances of a business falling victim to a ransomware attack. Here are several common challenges security teams and their organizations face, which can make them more vulnerable to cyber incidents.

1. Lack of cyber hygiene knowledge among employees: Human behaviour continues to be a significant factor in most security incidents. Beyond understanding the signs of ransomware, a lack of general cybersecurity education among employees can put your organization at risk. According to the Verizon 2022 Data Breach Investigations Report, 82% of breaches that occurred in the past year involved the human element.
2. Weak password policies: Insufficient policies relating to employee credentials—or having no policy—increase the likelihood that an organization will experience a security breach. Compromised credentials are involved in nearly 50% of attacks.
3. Insufficient security monitoring and processes: No single tool offers everything your security team needs to monitor for and protect against potential cyber incidents such as ransomware. A layered security approach can help you adequately manage your enterprise’s risk.
4. Staffing shortages among security and IT teams: It’s no secret that you must have individuals with the right skill sets on your team to support monitoring and risk mitigation efforts to combat cybercrime effectively. Yet data shows that the cybersecurity skills gap presents an ongoing challenge for CISOs: how to attract and retain new talent while ensuring current team members get the necessary training and upskilling opportunities.