Learn how hybrid work is fueling ransomware attacks and what to do about it.
Traditional security approaches are flawed, costly, and overwhelming for security teams. Menlo Security is different. It’s the simplest, most definitive way to secure work—making online threats irrelevant to your users and your business.
Our platform invisibly protects users wherever they go online. So threats are history and the alert storm is over.
Traditional network security wasn’t built to address today’s complex enterprise environments. SASE fixes that problem.
Menlo Labs provides insights, expertise, context and tools to aid customers on their journey to connect, communicate and collaborate securely without compromise. The collective is made up of elite security researchers that put a spotlight on the threats you know and don’t know about.
Menlo Labs provides insights, expertise, context and tools to aid customers on their journey to connect, communicate and collaborate securely without compromise.
Share this article
Ransomware continues to torment cybersecurity professionals around the world. More than 70 percent of organizations were hit by ransomware attacks in 2021, according to the 2022 CyberEdge Cyberthreat Defense Report — a staggering increase from 55 percent in 2018. These attacks shut down businesses, disrupt public infrastructure, and cost organizations billions of dollars in ransom payments at a time when the world continues to deal with the global pandemic, increasingly volatile geopolitical tensions, and other disruptions ranging from supply chain crises to rising inflation.
Attackers know that ransomware is incredibly easy to execute and scale, and new digital payment methods such as cryptocurrencies make it easy to hide identities and bury a paper trail — all of which has put security departments on alert. In a recent study, 22 percent of cybersecurity professionals shared that ransomware readiness is their most important business priority, while nearly half (46 percent) indicate it is one of their top five business priorities.
The surge in these attacks can be attributed to multiple factors:
Preventing ransomware requires that organizations shift from a traditional detect-and-respond approach to a Zero Trust mindset. This proactive, preventative approach safeguards mobile, distributed, and often unmanaged endpoints; stops the lateral spread of attacks on the network; and alleviates pressure on Security Operations Center (SOC) teams.
In addition, organizations can provide a boost to their security via isolation technology, which can act as an abstracted layer in the cloud between the Internet and users’ devices. All content is routed through the Secure Web Gateway (SWG), where it is executed in an elastic sandbox in the cloud. This prevents all code — whether malicious or not — from executing on endpoints, effectively cutting off any access a malicious actor has to the network. Given that many of us now spend around three-quarters of our day using a web browser, isolation can also protect users against HEAT attacks from delivering malicious payloads. All web communication can be authenticated in the moment, enabling a Zero Trust approach to security that protects devices, applications, and users wherever they are located.
Here are three ways that Zero Trust powered by isolation technology can help stop ransomware attacks:
Ransomware loves to take advantage of vulnerabilities in existing network configurations, such as open RDP ports and unsecured VPNs. Unfortunately, the expansion of attack surfaces means that it is virtually impossible for security teams to completely close off these entry points. They are too numerous, too distributed, and too often forgotten. With isolation technology, however, it doesn’t matter if these ports are closed or not, because all traffic — whether it is suspicious or not — is routed through the isolation layer in the cloud. Traffic is never executed on the endpoint, and therefore ransomware cannot grab a foothold into the network.
Routing all traffic through an abstracted layer in the cloud gives organizations the visibility they need to identify and stop abnormal behavior that, on the surface, may seem innocuous. For example, a user with the appropriate credentials should be able to access financial information on a server. But what if the user is logging in from Albania? Or what if they are attempting to download the entire payroll database to an unknown Google drive? Visibility into entities, where they are located, and the commands they are executing enable a Zero Trust approach to cybersecurity.
Most ransomware relies on the fallibility of humans. Someone has to click on a link. Someone has to visit a corrupted website. Someone has to enter their credentials into a false web form. When mistakes happen, it’s critical that the organization has a recovery plan in place to assess the situation and determine the next best action. Answering questions such as “Can we recover lost data?”, “How will this impact operations?”, “Are we vulnerable anywhere else?”, and, most importantly, “Should we pay the ransom?” requires context and visibility into the network. Isolation technology makes this possible.
Ransomware is a top concern among businesses today, and it will continue to vex security teams in the future. Zero Trust powered by isolation and delivered through a SASE framework provides the best defense against these often-successful and disruptive attacks.
Neko Papez on May 31, 2022
HEAT, Threat Research
To talk to a Menlo Security expert, complete the form, or call us at (650) 695-0695.