SecurityBrief India - Technology news for CISOs & cybersecurity decision-makers

Organisations urged to take a proactive approach to ransomware threats

Fri, 2nd Aug 2024

With July named Ransomware Awareness Month, organisations are urged to understand the nature of ransomware threats and adopt effective strategies to mitigate them.

Several cybersecurity experts have expressed the pressing need for proactive and resilient approaches in combating these pervasive threats.

James Blake, VP of Global Cyber Resiliency Strategy at Cohesity, highlights the severe economic implications of modern cyber attacks like ransomware.

Blake notes, "Today, destructive cyber attacks such as ransomware or wiper attacks have massive economic implications and can lead organisations to losses related to inability to make revenue or provide essential services, impacting both consumers and supply chain partners."

He emphasises that effective and efficient response and recovery are crucial to building cyber resilience, especially given that 78% of organisations are targeted by ransomware two or more times within a year.

Alex Spivakovsky, VP of Research at Pentera, argues for a shift from a reactive to a proactive security mindset.

Spivakovsky explains, "We need to stop accepting the idea of ransomware as a foregone conclusion. The key is to shift from a reactive mindset predicated on detection and response to proactively testing defences to ensure readiness."

According to Pentera's yearly State of Pentesting report, infrequent testing against real ransomware campaigns leaves organisations vulnerable, as 60% of enterprises conduct pentests at most twice a year. Proactive testing enables security teams to identify weak points and improve their defences, reducing the risk of ransomware exploitation.

Geoffrey Mattson, CEO of Xage, stresses the deficiencies in traditional ransomware detection and response strategies.

Mattson says, "Ransomware has evolved into a pervasive and costly threat, with organisations facing crippling financial losses, operational disruptions that drag on for months, and reputational damage."

He calls for a multi-layered, prevention-focused cybersecurity strategy to combat ransomware effectively. Mattson elaborates that measures such as multi-factor authentication, identity-based internal segmentation, automated credential rotation, and zero-trust access control are essential in fortifying defences and creating a resilient security posture.

By focusing on prevention, organisations can mitigate the immediate costs associated with ransomware attacks and protect against long-term consequences, such as data loss and reputational harm.

Amidst these expert commentaries, real-world incidents continue to underscore the urgency of robust cybersecurity practices. Microsoft has warned about ransomware gangs exploiting a VMware ESXi authentication bypass vulnerability, designated CVE-2024-37085. Although the security advisory provided a moderate severity rating, the exploitation of this vulnerability can be catastrophic. Successful attacks can give adversaries control over ESXi hosts, allowing them to access the contents of underlying virtual machines.

Scott Caveza, Staff Research Engineer at Tenable, comments on this vulnerability, stating, "Several ransomware groups have targeted virtual machines as part of their attack chains, which can have a crippling effect on an impacted organisation."

He explains that these financially motivated groups often rely on phishing, credential theft, and the exploitation of known vulnerabilities to deploy ransomware and exfiltrate data. Caveza highlights that, while a medium severity vulnerability may be a lower priority for patching, attackers are adept at chaining together multiple vulnerabilities to achieve a complete network takeover.

As ransomware attacks become increasingly sophisticated and frequent, experts stress the need for organisations to prioritise proactive measures and maintain rigorous security testing. By doing so, they can better safeguard their critical assets, ensure business continuity, and mitigate the far-reaching impacts of ransomware.
