Chapter 3. Defending Against Ransomware and Data Extortion Attacks

Considering the multitude of ways in which ransomware and data extortion attacks harm businesses financially and legally, security controls are well worth an investment of money, time, and effort. The purpose is not only to prevent attacks from being successful but also to ensure the organization is prepared to respond and be resilient should an attack be successful.

This chapter outlines a variety of security controls that, when used properly, will significantly improve your organization’s security posture against ransomware and data exfiltration.

Dedicated Anti-Ransomware Solutions

Some security vendors offer advanced dedicated anti-ransomware solutions. It’s worth checking them out and choosing solutions that are most appropriate for your business and its needs. Today’s sophisticated anti-ransomware solutions take a multilayered approach.

Pre-execution Ransomware Prevention

As much as possible, ransomware should be stopped in its tracks before it’s even able to execute. Cybercrime groups and nation-state threat actors have developed increasingly sophisticated ransomware that includes features specifically designed to evade analysis and disable, blind, or bypass endpoint protection platform (EPP), EDR, and XDR tools.

It’s possible to stop a ransomware payload at the execution phase of the attack sequence if the right tools are in place to detect it. So far, EPP, EDR, and XDR have an extremely high miss rate ...
