Ransomware had been a growing threat to global cybersecurity even before recent geopolitical events led CISA to issue its Shields Up alert, encouraging all enterprises to adopt a heightened security posture. Ransomware attacks grew by 105% in 2021 and have risen by 232% since 2019, with some verticals such as government (+1,885%) and healthcare (+755%) being particularly heavily targeted.
In recent years, organizations of all sizes have been crippled by ransomware, including major businesses, entire health systems (the UK’s NHS) and even whole cities (Baltimore, MD among others). A successful ransomware attack negatively impacts an organization on multiple fronts, including:
With such major consequences from ransomware attacks, it’s critical that organizations recognize how they occur and how to prevent ransomware attacks in the first place.
Hackers use two primary vectors to launch a ransomware attack on an organization. Understanding these attack vectors is key to understanding how to prevent ransomware attacks. In the first method, attackers leverage security vulnerabilities to gain entry into a system and eventually deploy ransomware. This could be an unpatched software vulnerability, a system missing updates (this is how the infamous WannaCry ransomware wreaked such havoc) or one that has reached end of support altogether. Many businesses are still running machines on the discontinued Windows 7 OS, putting them at serious risk when Microsoft stops its extended security update (ESU) program at the beginning of 2023.
Unfortunately, prevention of these types of attacks isn’t always in your organization’s control, as the attack could exploit a new zero-day flaw that your vendor doesn’t know about and which cannot be detected by security measures such as antivirus or EDR tools. This was the case for the recent Kaseya attacks, where the notorious REvil ransomware group used a vulnerability in a Kaseya remote computer management tool to launch an attack that affected thousands of organizations across the globe.
The second form (and by far the most common route of access for ransomware) uses compromised passwords or credentials. Again, knowledge plays a critical part in ransomware prevention, so let’s look at the main ways stolen or cracked passwords result in successful attacks:
Ransomware prevention requires a concerted effort across the whole spectrum of cybersecurity and users. Some of the most basic protection strategies involve effective cyber hygiene, such as:
Given that the majority of ransomware attacks originate from poor password and authentication security, the most important element of any ransomware prevention plan is implementing strong multi-factor authentication (MFA). The massive Colonial Pipeline ransomware attack, which affected 45% of the East Coast’s fuel supply and shut down thousands of gas stations, began from a breached password for an account without MFA in place. For effective ransomware prevention, your MFA should be phishing resistant, especially for high-privilege and administrator accounts, which have the potential to significantly elevate an attack if compromised.
Phishing-resistant MFA is critical for ransomware prevention as most MFA methods can be defeated by modern attacks. One-time passwords (OTPs), SMS and push notification authentication methods can all be circumvented by phishing, MitM (man-in-the-middle) or push attacks (or some combination of all three). Today there are more than 1,200 MitM phishing toolkits available that let cybercriminals bypass MFA.
Phishing-resistant MFA is fully passwordless and based on public key cryptography; it does not share credentials or secrets at any point in the authentication process. Users confirm their identity through secure on-device methods such as biometric sensors or a decentralized PIN. Essential to ransomware prevention is the fact that it does not use OTP codes, SMS tokens or any type of phishable credential.
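As an added illustration (not HYPR's code or any FIDO reference implementation), the Go simulation below shows why a public-key challenge-response defeats the MitM phishing toolkits described above: the device signs the server's one-time challenge together with the origin the browser actually observed, so an assertion captured on a look-alike site does not verify at the real service, and there is no reusable secret to relay. The origins and the relaying scenario are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// clientData: the challenge plus the origin the browser saw; page scripts cannot forge it.
type clientData struct {
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}
type Authenticator struct{ priv ed25519.PrivateKey } // key never leaves the device
// RelyingParty stores no secret: a public key, its origin, one live challenge.
type RelyingParty struct {
	origin, challenge string
	pub               ed25519.PublicKey
}
// Register mints a fresh keypair for one user at one relying party.
func Register(origin string) (*RelyingParty, *Authenticator) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &RelyingParty{origin: origin, pub: pub}, &Authenticator{priv: priv}
}
// NewChallenge issues a random single-use nonce for the current login.
func (rp *RelyingParty) NewChallenge() string {
	b := make([]byte, 32)
	rand.Read(b)
	rp.challenge = fmt.Sprintf("%x", b)
	return rp.challenge
}
// Sign binds the challenge to the origin the browser actually saw.
func (a *Authenticator) Sign(challenge, observedOrigin string) (cd, sig []byte) {
	cd, _ = json.Marshal(clientData{Challenge: challenge, Origin: observedOrigin})
	return cd, ed25519.Sign(a.priv, cd)
}
// Verify accepts only the outstanding challenge, signed for this very origin.
func (rp *RelyingParty) Verify(cd, sig []byte) bool {
	var parsed clientData
	if json.Unmarshal(cd, &parsed) != nil ||
		parsed.Challenge != rp.challenge || parsed.Origin != rp.origin {
		return false // malformed, replayed, or relayed via a look-alike site
	}
	return ed25519.Verify(rp.pub, cd, sig)
}
func main() { // constructed origins; the second is a look-alike phishing site
	rp, auth := Register("https://login.example.com")
	cd, sig := auth.Sign(rp.NewChallenge(), "https://login-example.evil")
	fmt.Println("relayed assertion accepted:", rp.Verify(cd, sig)) // false
}
```

Real WebAuthn signs a hash of this client data together with authenticator data rather than the raw JSON, but the origin and challenge checks the server performs are the same.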
Specifically, passwordless MFA (PMFA) that has been certified to FIDO (Fast IDentity Online) standards is considered the gold standard for phishing-resistant authentication by the OMB and CISA.
Even though phishing-resistant PMFA greatly reduces the potential for successful ransomware attacks, there is no such thing as 100% protection. There will always be a new zero-day vulnerability discovered by hackers, configuration errors made by even the most diligent IT teams or a malicious insider who slips in a threat undetected. However, you can take steps to minimize damage and improve recovery speeds after an attack. These include:
The increase in volume and severity of ransomware attacks makes ransomware prevention a security priority for industries across the board and critical for effective cybersecurity. By implementing phishing-resistant passwordless MFA, organizations can wipe out the vast majority of their ransomware attack surface.
HYPR’s PMFA eliminates the trade-off between operational security and user experience by delivering the highest level of authentication security, removing passwords and, importantly, creating a seamless authentication process that saves time, prevents frustration and avoids users taking risky “shortcuts.” By completely eliminating shared secrets as an authentication factor and turning a user’s personal device into a secure FIDO token, phishing-originated ransomware attacks can be stopped at the source.
To see how HYPR’s phishing-resistant PMFA can elevate your ransomware protection efforts, talk to our team.
Want to learn more about passwordless security in general? Download the Passwordless 101 guide.