10 Ways to Protect Your Business Against Ransomware Attacks

Apr 17, '24 by Joerg Schneider-Simon

Your organization faces an ever-growing threat of ransomware attacks. The year 2023 saw ransomware attacks increase by a whopping 95% over the previous year. Worldwide, more than 72% of businesses were affected by ransomware attacks in 2023.

To protect your organization, you must understand what ransomware is, why it is costly, and how to protect yourself against it.

Understanding Ransomware

Ransomware is a type of malware. It infects a victim's computer system, denying access to critical files or the entire network until the victim pays a ransom to the attackers. Ransomware is like kidnapping, except the victim is your data and your networks. Attackers hold your company hostage until you pay their ransom.

Ransomware may enter a system in various ways: through malicious email attachments, malicious links in email messages, unsecured websites, vulnerabilities in software, or via a file upload into your SAP business application. Once activated, the ransomware encrypts files, making them inaccessible to the victim, who then receives instructions on how to pay the ransom, usually in cryptocurrency, to regain access.

“One attack vector that most companies are unaware of is the GUI used by external SAP developers,” says Holger Stumm, an experienced penetration tester, SAP cybersecurity expert, and founding principal of log(2) oHG:

“In our proven scenario, pen testers embed ransomware in a commonplace file, such as an Excel spreadsheet or PDF. They then “coerce” an off-shore developer (who is a known participant in the pen test) to upload that local file to an employer’s network using the GUI, where the file gets written to the system directory on the SAP server. This gives our pen testers the ability to run any operating system command under root control. If the uploaded file is a ransomware Trojan, or a Python script, hackers using this attack vector can then encrypt the entire SAP system. Large firms that outsource software development to low-wage countries are particularly vulnerable to this avenue of attack because low-wage developers are susceptible to bribery or extortion.”

The Costly Implications of Ransomware Attacks

Ransomware attacks have grown increasingly sophisticated and devastating, resulting in significant financial losses and reputational damage for targeted organizations. They have severe consequences for businesses, governments, and non-governmental organizations, in terms of both financial and operational impact. Here are four reasons that ransomware attacks are so costly:

  1. Financial losses: IBM's Cost of a Data Breach 2022 report reveals that the average ransom payment stood at $812,360. Just remember that this figure represents only a fraction of the overall expense incurred from a ransomware attack, which IBM estimates to be $4.5 million. Also note that even if victims pay the demanded ransoms, there’s no guarantee that the attackers will release the encrypted files or restore system access. They often don’t, but instead come back for more money.

  2. Operational disruption: Ransomware attacks typically result in significant downtime as organizations struggle to regain control of their applications, systems, and networks. This disruption paralyzes operations, hinders productivity, and leads to missed deadlines.

  3. Data loss: Sometimes, victims lose critical data if proper backups aren’t in place. Recovering lost data is a time-consuming and expensive process, particularly if the data isn’t adequately backed up off-site.

  4. Damaged brand: A ransomware attack will erode customer trust and damage the reputation of any organization. Public disclosure of a successful attack leads customers to question the security of their data, which often results in lost business opportunities and long-term damage to the brand. Double extortion is commonplace, in which ransomware groups exfiltrate and then publish their victims’ data if ransoms are not paid.

10 Steps to Protect Against Ransomware Attacks

No single security measure, or even group of measures for that matter, provides 100% protection against ransomware attacks. This is why you must deploy a comprehensive defense to significantly reduce the risk and impact of ransomware attacks.

Here are 10 actionable steps to take to protect your organization:

  1. Deploy and update state-of-the-art malware protection in a layered approach: Do not rely only on securing obvious entry vectors like email. Expand the scope to cover all relevant vectors. In an SAP context, this means securing file and data ingestion mechanisms such as file uploads, attachments, and even data entry from the Windows clipboard. SAP’s Virus Scan Interface (VSI), when combined with an industry-leading malware scanner, provides such an additional layer of protection.

  2. Segment networks: “Your #1 priority in defending against ransomware attacks is segmenting your networks to isolate critical systems and sensitive data from the rest of the network,” says Stumm. “You must install firewalls between networks and secure all endpoints. This contains the spread of ransomware and limits the scope and damage of an attack. Hackers avoid complex networks—and segmented networks are complex networks.”

  3. Install a Security Information and Event Management (SIEM) system: One major challenge in mitigating damage from ransomware attacks is visibility. “Enterprises don’t see the activity that precedes ransomware attacks—or see it too late,” says Stumm. “SIEM technology plays a crucial role in bolstering threat detection, ensuring compliance, and effectively managing security incidents. It accomplishes this by meticulously gathering and scrutinizing a diverse range of security events, encompassing both real-time and historical data, alongside an extensive array of contextual and event sources.”

  4. Educate employees: The primary threat vector for ransomware attacks is phishing. Ransomware enters networks because individuals click on authentic-looking email links or open email attachments. Your primary line of defense is to educate employees about the risks of ransomware. Train them to recognize phishing emails, suspicious attachments, and potentially harmful websites. Also encourage strong password practices and the use of multifactor authentication.

  5. Back up data: All other things being equal, the damage caused by a ransomware attack is inversely proportional to the amount of data you have backed up. If none of your data is backed up, then you are at the mercy of the attackers. But if all of your data is backed up, and backed up recently, then you can ignore the attacker’s ransom demands (the recommended best practice). Make sure to follow the 3-2-1 backup strategy: keep three copies of the production data, on two different media, with one copy stored off-site.

  6. Patch software: Keep all operating systems, software, and applications up to date with the latest security patches and updates. Ransomware attackers like to exploit vulnerabilities in outdated software. Regularly scan your systems for vulnerabilities, and promptly apply patches to address them.

  7. Use email filtering and web security: Deploy email filtering solutions to block spam, phishing emails, and malicious attachments. Implement web security measures to block access to known malicious websites and prevent drive-by downloads.

  8. Create an incident response plan: Develop a comprehensive incident response plan that outlines the steps you must take in the event of a ransomware attack. Assign roles and responsibilities. Establish communication channels. Then test the plan (regularly) to ensure its effectiveness.

  9. Practice a ransomware attack: Are your employees prepared to resist a phishing attack? Are your networks adequately segmented? Is your backup infected? The only way to be sure is to practice a complete ransomware attack. Stumm says to hire a penetration tester like him to form a red team to attack your networks. “Then respond, and see if your hardware, software and procedures prevent the attack and mitigate damage,” says Stumm.

  10. Engage with cybersecurity experts: Consider partnering with cybersecurity professionals who specialize in ransomware prevention and incident response. They assess your organization's security posture, provide guidance on best practices, and assist in implementing robust security measures.
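Step 1 above (securing file ingestion) is the defensive counterpart to the GUI upload scenario Stumm describes, where a spreadsheet or PDF is written straight to a system directory. The following is an added example, not code from the article or from SAP: a small upload gate that checks the file's leading bytes against its declared type, rejects macro-enabled workbooks, calls a scanner hook (a stand-in for VSI plus an AV engine, assumed here), and only then writes the file under a dedicated quarantine directory. The `make_xlsx` helper builds constructed sample workbooks for testing.

```python
from __future__ import annotations
import io
import os
import zipfile
from pathlib import Path
from typing import Callable

# Hypothetical scanner hook standing in for SAP VSI + an AV engine: True means clean.
ScanHook = Callable[[bytes], bool]

# Declared type -> required leading bytes. Only these types are accepted (assumption).
MAGIC = {
    "pdf": b"%PDF-",
    "xlsx": b"PK\x03\x04",  # OOXML workbooks are zip containers
}

def has_vba_project(data: bytes) -> bool:
    """Macro-enabled OOXML workbooks carry xl/vbaProject.bin inside the zip."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower() == "xl/vbaproject.bin" for n in zf.namelist())
    except zipfile.BadZipFile:
        return True  # a corrupt container is treated as unsafe, not as macro-free

def vet_upload(data: bytes, declared: str, scan: ScanHook) -> tuple[bool, str]:
    """Return (accepted, reason). Every check runs before anything touches disk."""
    magic = MAGIC.get(declared)
    if magic is None:
        return False, f"type not allowed: {declared}"
    if not data.startswith(magic):
        return False, "content does not match declared type"
    if declared == "xlsx" and has_vba_project(data):
        return False, "macro-enabled workbook"
    if not scan(data):
        return False, "scanner verdict: malicious"
    return True, "ok"

def store_quarantined(quarantine: Path, name: str, data: bytes) -> Path:
    """Write only under the quarantine directory, never a system directory.
    The basename strips any directory components an uploader supplied."""
    dest = (quarantine / os.path.basename(name)).resolve()
    if quarantine.resolve() not in dest.parents:
        raise ValueError("refusing to write outside quarantine")
    dest.write_bytes(data)
    os.chmod(dest, 0o600)  # owner read/write only; nothing here is executable
    return dest

def make_xlsx(with_macro: bool) -> bytes:
    """Constructed minimal workbook-like zip for demonstration, not a real SAP upload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_macro:
            zf.writestr("xl/vbaProject.bin", b"\x00")
    return buf.getvalue()
```

The scanner hook is where the real VSI-backed scan would plug in; the structural checks in front of it cheaply reject uploads that should never reach the scanner at all.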

Ransomware attacks continue to pose a significant threat to organizations, with potentially devastating consequences. By understanding the nature of ransomware (and its associated costs) and implementing these proactive measures, you significantly reduce your risk exposure and mitigate the impact of ransomware attacks.

You must foster a culture of security awareness, deploy robust security solutions, regularly update systems, and have a well-defined incident response plan. By taking these precautions, you safeguard your valuable assets, protect customer trust, and stay resilient in the face of evolving ransomware threats.
