Akamai 5 Step Ransomware Defense Ebook


5 Steps to Ransomware Defense

How to strengthen your defenses beyond the perimeter


TABLE OF CONTENTS

The rise and spread of ransomware

The business of ransomware will cost you

Stop lateral movement. Stop ransomware spread.

Building an iron-clad defense strategy

What’s happening in your network?

Building a ransomware defense strategy

The bottom line

Akamai.com 02
Introduction

The rise and spread of ransomware


Ransomware, once simply a nuisance strain of malware used by threat actors to restrict
access to files and data through encryption, has morphed into an attack method of epic
proportions. While the threat of permanent data loss alone is jarring, cybercriminals and
nation-state hackers have become sophisticated enough to use ransomware to penetrate
and cripple large enterprises, state and local governments, global infrastructure and
healthcare organizations, and more. Many of these groups are even offering their services
for hire as ransomware as a service (RaaS).

Ransomware attacks are predicted to occur every two seconds by 2031 and cost $265 billion annually.
Cybercrime magazine

The business of ransomware will cost you

In 2022, a ransomware attack forced 7-Eleven to close 175 stores as they were unable to use their cash
registers or accept payment. Earlier that year, a BlackCat ransomware attack on a German oil company
impacted 233 gas stations, with Royal Dutch Shell having to reroute their shipments to different supply
depots because of the issue. The Colonial Pipeline attack occurred in May 2021, disrupting oil and gas
deliveries all along the U.S. East Coast. And in 2020, the Snake ransomware attack brought Honda’s global
operations to a standstill.

Today, through a mix of outdated technology, “good enough” defense strategies focused solely on
perimeters and endpoints, lack of training (and poor security etiquette), and no known “silver bullet”
solution, organizations of all sizes are at risk. Cybercriminals are making it their business to encrypt as
much of a corporate network as possible, to extort a ransom ranging from thousands to millions of dollars.

But there is more at stake than just your bottom line. The aftermath of a ransomware attack can be
detrimental: Downtime can stop business operations, disrupt productivity, and compromise your data.
Once proprietary company data is leaked or compromised, you will likely suffer damage to your brand and
loss of customer loyalty. According to a 2020 survey, 80% of data breaches included personally identifiable
information (PII) of customers, intellectual property was compromised in 32% of breaches, and anonymized
customer data was compromised in 24% of breaches. Not to mention, threat actors can use this sensitive
data against your business or to carry out other insidious acts, including selling confidential data.

Did you know?
The average cost of a ransomware attack in 2022 — not including the cost of the ransom itself — was $4.54 million.
IBM Security

With the threat of ransomware propagating quickly across networks, protecting the perimeter alone simply
isn’t enough.

Stop lateral movement. Stop ransomware spread.

A ransomware attack begins with an initial breach, often enabled by a phishing email, vulnerability in the
network perimeter, or brute-force attacks that create openings while distracting defenses away from the
attacker’s actual intent.

Once the attack has landed in a device or application, it proceeds through lateral movement across the
network and multiple endpoints to maximize the infection and encryption points. Attackers will typically
seize control of a domain controller, compromise credentials, then find and encrypt the backup to prevent
the operator from restoring the frozen services.

Lateral movement is critical to the success of an attack. If the malware can’t spread beyond its landing
point, it’s useless. So prevention of lateral movement is essential.

How comprehensive is your ransomware threat mitigation strategy?

You should be worried about downtime.
16.2: The average number of days a ransomware incident lasts.
Coveware

Risk mitigation

Building an iron-clad defense strategy

Detecting and preventing lateral movement inside your network boils
down to two main focus areas: First, reduce the initial attack vector, and
then limit the propagation paths.

You can do things like limit the number of servers that are exposed to
the internet, keep up with patch management to ensure a smaller attack
surface, practice ringfencing to reduce the propagation paths between
applications, and back up your data so you can get back online quickly
and avoid widespread data loss if an attack occurs.

Four ways to make security planning a priority

Security should be part of your organization’s broader preparedness strategy,
planning, and budget. This means raising awareness with C-level executives
and board members, and remaining vigilant about potential risks and what
you need to mitigate them.

1. Make sure you include cybersecurity in the function that manages
overall risk mitigation for your organization. And ensure there is
security expertise on your leadership team.

2. Don’t forget to dedicate budget and resources to backup generation
and network segmentation.

3. Create response plans in advance of a disaster or adverse event
(like a ransomware attack). Being organized and prepared means
you can react more quickly and efficiently.

4. Analyze the security impact every time you integrate, design, or
develop new products and services. Ask yourself: Am I opening
a new door for attackers?

What’s happening in your network?

If your organization is like many others, detecting ransomware
can be a challenge. Unfortunately, this means your network
is vulnerable to attack. Without strong detection capabilities,
by the time you receive a ransom note, it’s already too late:
Most of your network will be encrypted at the same time.

Ransomware detection checklist

When it comes to detection, you must catch ransomware
while it’s spreading. Here’s what you’ll need:

Strong visibility
If you don’t know what’s happening in your network, you can’t detect
ransomware or other unwelcome cyberthreats.

Segmentation policy
Once every communication is defined and accounted for, anything
outside the norm will rise to the surface, and you will be alerted.

IDS system and malware detection tools
These will detect the propagation attempts of the ransomware
operators, using predefined rules and signatures for known vulnerabilities
or exploits or with more general or automated anomaly detection.

Deception tools
Setting up lures, honeypots, or a distributed deception platform that
can identify unauthorized lateral movement can be an effective way
to discover an active breach in progress with high-fidelity incidents.

Building a ransomware defense strategy
Despite the best perimeter defenses, breaches are inevitable. This is why you must have a defense strategy in place that minimizes the effectiveness of an attack and stops
the spread within your network. Find a vendor that offers a comprehensive security solution that detects threats in east-west data center traffic and blocks lateral movement.

Prepare
Find a solution that allows you to identify every application and asset running in your IT
environment. This level of granular visibility will allow you to quickly map critical assets,
data, and backups, and to identify vulnerabilities and risks. By having a complete picture of
your network environment, you’ll be able to respond and quickly activate rules during a breach.

Prevent
Your solution should enable you to create rules to block common ransomware propagation
techniques. By using software-defined segmentation, you can create Zero Trust microperimeters
around critical applications, backups, file servers, and databases. You can also create
segmentation policies that restrict traffic between users, applications, and devices,
ultimately blocking lateral movement attempts.

Detect
Implement a solution that alerts you to any attempts to gain access to segmented applications
and backups. These blocked access attempts are indicators of lateral movement. Also, you
should incorporate reputation-based detection that alerts to the presence of known malicious
domains and processes. By enabling fast discovery of attacks that have successfully breached
the perimeter, you can minimize dwell time and catch attackers before they can move past the
landing point.

Remediate
Automatic initiation of threat containment and quarantine measures when an attack is detected
is critical. Apply isolation rules that allow the rapid disconnection of affected areas of
the network, while segmentation policies block access to critical applications and system backups.

Recover
Finally, you need visualization capabilities that support phased recovery strategies in which
connectivity is gradually restored as different areas of the network are validated as “all clear.”
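
The following is an added example, not part of the ebook and not Akamai product code. It illustrates the Prevent and Detect steps, and the checklist's segmentation policy item, by evaluating flow records against a default-deny segmentation policy and raising out-of-policy flows as lateral movement indicators. The segment names, address ranges, ports, and severity threshold are assumptions, and the flow records are constructed sample data.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed segments (hypothetical names and address ranges).
SEGMENTS = {
    "web": ip_network("10.0.1.0/24"),
    "db": ip_network("10.0.2.0/24"),
    "backup": ip_network("10.0.9.0/24"),
    "users": ip_network("10.0.50.0/24"),
}
# Every permitted communication is listed here; anything else is denied.
ALLOW = {("users", "web", 443), ("web", "db", 5432), ("db", "backup", 873)}
# Segments whose blocked access attempts always raise a high-severity alert.
PROTECTED = {"backup", "db"}

def segment_of(ip):
    """Map an IP address to its segment name, or 'unknown'."""
    addr = ip_address(ip)
    return next((n for n, net in SEGMENTS.items() if addr in net), "unknown")

def evaluate(flows):
    """Return one alert per source host that has flows outside the policy."""
    blocked = defaultdict(list)
    for src, dst, port in flows:
        s, d = segment_of(src), segment_of(dst)
        if (s, d, port) not in ALLOW:
            blocked[src].append((dst, d, port))
    alerts = []
    for src, hits in sorted(blocked.items()):
        targets = {dst for dst, _, _ in hits}
        touched = {seg for _, seg, _ in hits} & PROTECTED
        # Assumed threshold: 3+ distinct blocked destinations means fan-out.
        severity = "high" if touched or len(targets) >= 3 else "low"
        alerts.append({"source": src, "severity": severity,
                       "blocked": len(hits), "protected": sorted(touched)})
    return alerts

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.0.50.7", "10.0.1.10", 443),   # allowed: user to web
    ("10.0.1.10", "10.0.2.5", 5432),   # allowed: web to database
    ("10.0.50.7", "10.0.50.8", 445),   # workstation to workstation, not in policy
    ("10.0.50.7", "10.0.50.9", 445),   # same source, second peer
    ("10.0.50.7", "10.0.9.2", 445),    # workstation to backup segment
    ("10.0.1.10", "10.0.1.11", 22),    # web server to peer, not in policy
]

if __name__ == "__main__":
    for alert in evaluate(SAMPLE_FLOWS):
        print(alert)
```

A single blocked attempt against a protected segment is enough to escalate, which reflects the Detect step's point that blocked access to segmented applications and backups is itself the signal.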

Conclusion

The bottom line

Are you confident in your existing defense strategy?
Ransomware isn’t going away. In fact, ransomware affected 66% of organizations in
2021, an increase of 78% over 2020, and that number does not seem to be dropping.
This means the world will continue to experience a higher frequency of attacks,
larger and higher-value targets, and more costly ransom demands — all with dire
consequences for your business. Now more than ever, you need advance planning
and risk mitigation strategies that go beyond a perimeter-only approach.

Stop the lateral movement of ransomware in your network. Let Akamai show you how.
Please visit akamai.com/guardicore for more information.

Akamai protects your customer experience, workforce, systems, and data by helping to embed security into everything you create — anywhere you build it and
everywhere you deliver it. Our platform’s visibility into global threats helps us adapt and evolve your security posture — to enable Zero Trust, stop ransomware, secure
apps and APIs, or fight off DDoS attacks — giving you the confidence to continually innovate, expand, and transform what’s possible. Learn more about Akamai’s cloud
computing, security, and content delivery solutions at akamai.com and akamai.com/blog, or follow Akamai Technologies on Twitter and LinkedIn. Published 05/23
