Ransomware attacks cripple organisations in minutes, leaving them incapable of accessing critical data and unable to do business. How to expedite recovery and build resiliency.
Ransomware continues to be one of the biggest threats to businesses worldwide. According to Cybersecurity Ventures, organisations will face a new ransomware attack every two seconds by 2031, up from every 11 seconds in 2021.
In fact, the threat of new ransomware models is now the top emerging risk facing organisations, according to Gartner’s recently released Emerging Risks Monitor Report. The threat level is heightened because ransomware attacks can cripple organisations in minutes, sometimes leaving them incapable of accessing critical data and unable to do business. Further, in recent years, threat actors have moved from just infesting systems with ransomware to multi-faceted extortion, where they also publicly name victims, steal data, then threaten to release or sell their information.
As we head towards 2023, amid economic uncertainty, political unrest, and the accelerated adoption of “work-from-anywhere,” ransomware is more prevalent, more sophisticated, and more capable of disruption than ever before. As such, organisations must now plan for ‘when’ – not ‘if’ – they are successfully breached, and bolster their preparedness and recovery efforts to extend to all their endpoint devices.
Highest levels of resiliency
Absolute Ransomware Response enables organisations to assess their ransomware preparedness for endpoints, monitor endpoint cyber hygiene across their entire device fleet, and expedite endpoint recovery in the event of an attack. This improves a company’s confidence in its ability to prepare for, respond to and quickly bounce back from a cyberattack and, in the stress of incident response, can provide one less thing to worry about.
Embedded in more than half a billion devices, Absolute’s Persistence technology enables organisations to maintain an unbreakable, two-way connection to every device. This gives organisations the highest levels of resiliency to maintain control amid chaos, with the reassurance that their mission-critical applications are safe, even when starting from ground-zero. So, when the worst-case scenario does happen and organisations fall victim to threat actors’ nefarious tactics, businesses can remediate, eradicate and fully recover from the attack – and in turn, mitigate prolonged downtime, financial loss and reputational damage.
After recently encountering a ransomware attack, a large US retailer was forced offline during the first week of the attack. The attackers explicitly rendered the customer’s security and management tools inoperable prior to dropping the ransomware. This put the retailer into a state where they couldn’t prevent the infection from spreading or restore the already infected machines.
By using a combination of Absolute’s Application Resilience capabilities and custom scripting, the retailer was able to break the re-infection cycle by identifying and quarantining the infected machines, reinstall updated security tools, and keep users safely offline until the machines were restored to an operable, protected, and infection-free state. This ensured the recovery efforts could begin much faster, leaving the company with the confidence that critical security controls will remain installed and healthy, minimising risk exposure against future ransomware attacks.
Expediting recovery
An approach like this expedites recovery and offers remote assistance, equipping businesses with the capabilities to continue operating, even while under attack – including the ability to communicate with end users even when their devices are compromised, freeze endpoints to preserve evidence for litigation purposes, and potentially limit further spread of infection.
It also assures that endpoint security or other device management tools that might have been rendered inoperable are functioning even under distress, and lets businesses execute custom workflow and task automation commands to expedite device recovery, leveraging a library of hundreds of custom scripts (e.g., re-imaging devices, shutting down a particular port, quarantining devices).
Absolute provides an undeletable digital tether to every device. Leveraging this unbreakable, two-way connection to monitor mission-critical security applications’ health and behaviour provides a centralised point that simplifies management and strengthens security effectiveness. We can detect if these applications are missing, corrupted, or not running; and can automatically repair or reinstall components when necessary, without requiring human intervention.
Today’s complex and widely distributed device environments have put endpoint agents at constant risk of colliding with other applications, or being disabled by malicious or negligent users. As such, now is the time for organisations to take the critical steps needed to harden their mission-critical endpoint applications and strengthen their overall endpoint security posture.
It’s important to balance a productive end user experience that employees love with defending the organisation from external and internal threats. Once devices are properly activated and working in customer environments, we can collect very important and unique telemetry that gives us the ability to become a source of truth. Then, we can work in a bespoke way to address specific challenges an organisation may face – particularly as more and more organisations stand up ‘work-from-anywhere’ IT and Security models.
At every touchpoint, we want to ensure organisations can rely on critical security controls in order to keep their data, devices and brand reputation intact, and in the event of a ransomware attack, quickly recover endpoints.