Last updated at Fri, 13 Sep 2024 19:16:20 GMT
As ransomware threats continue to evolve, security and risk management leaders must stay ahead by adopting comprehensive strategies to protect their organizations. The 2024 Gartner report, “How to Prepare for Ransomware Attacks”, provides critical insights into the latest tactics used by bad actors and offers practical solutions on how to fortify defenses.
Below, we highlight our four key strategy takeaways from the report to help your organization prepare for and respond to ransomware attacks.
Adapt to the rise of extortionware
Traditional ransomware tactics are shifting towards extortionware—where attackers steal data and demand payment for its destruction rather than encrypting it. This growing threat emphasizes the need for robust data protection strategies.
According to Gartner: "Extortionware (encryption-free, data theft attack) is a growing tactic being used by bad actors."
This evolution in tactics, which includes the emergence of 21 new ransomware groups in the first half of 2024, as noted in Rapid7’s Ransomware Radar Report, underscores the need for organizations to continuously update their defenses to counter new threats.
Actionable strategy: Regularly update your threat models and security measures to account for new and emerging ransomware groups. Invest in advanced threat intelligence to stay informed about the latest tactics used by these criminal enterprises.
Strengthen your defenses with advanced detection technologies
Advanced detection is increasingly important as ransomware attacks become more frequent and sophisticated. Rapid7’s research highlights a 23% increase in ransomware posts on leak sites during the first half of 2024, further emphasizing the growing threat landscape.
We believe Gartner reinforces the importance of detection, stating: "… identity threat detection and response (NDR) tools collect indicators of compromise (IOCs) and events that alert you to anomalous behaviors that could indicate that an attack 'may' be underway."
In addition to these detection tools, Gartner advises that a defense strategy should include endpoint protection platforms (EPPs), endpoint detection and response (EDR), and mobile threat defense (MTD) solutions.
For organizations lacking the necessary in-house expertise or resources, Gartner recommends supplementing EDR with managed services: "If internal teams don’t have the necessary skill set or bandwidth, supplement EDR with managed services (see Market Guide for Managed Detection and Response Services)."
Actionable strategy: Implement and regularly update behavioral-anomaly-based detection technologies. Ensure that your security operations center (SOC) is equipped to respond swiftly to any detected threats.
Rapid7’s Managed Threat Complete, which integrates core MDR functionality with transparency into operations and technology, ensures comprehensive visibility across endpoints, networks, users, and cloud infrastructure. We believe this aligns with the Gartner recommendation to supplement EDR with managed services to enhance your organization’s security posture (see the Gartner Market Guide for Managed Detection and Response Services).
Pay attention to vulnerable targets
While large organizations are often targeted, mid-sized companies are increasingly vulnerable to ransomware attacks. Rapid7’s findings support this, showing that companies with $5 million in annual revenue are being attacked up to five times more often than larger enterprises. These organizations are particularly attractive to attackers due to their valuable data and often less mature security defenses.
Actionable strategy: Mid-sized organizations should prioritize investing in mature cybersecurity defenses, particularly in endpoint protection, identity management, and regular security training for employees.
You can view the Rapid7 Ransomware Radar Report here.
Prepare with a comprehensive ransomware playbook
One of the key insights from the Gartner research is the critical importance of having a well-prepared incident response plan. Given the increasingly sophisticated nature of ransomware groups—many of which now operate like full-fledged businesses with their own marketplaces and support networks—a detailed and rehearsed ransomware playbook is essential for any organization.
Gartner states: "Develop an incident response plan with containment strategies that is augmented with a ransomware playbook."
Actionable strategy: Develop and regularly update a ransomware playbook that includes clear roles, decision-making protocols, and communication plans. Conduct regular tabletop exercises to ensure your team is prepared to act swiftly and effectively.
Conclusion: fortify your defenses against ransomware
Ransomware is an ever-present threat that requires a proactive, multi-layered approach to defense. We feel the 2024 Gartner Report “How to Prepare for Ransomware Attacks” provides essential strategies for preparing for, detecting, and responding to these attacks. By implementing these recommendations, we believe your organization can better protect itself against the evolving tactics of cybercriminals.
Download the full Gartner report to explore detailed insights and recommendations for strengthening your ransomware defenses.
Gartner, Inc. How to Prepare for Ransomware Attacks. Paul Furtado. 16 April 2024.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.