Post-infection Remediation Needed to Combat Ransomware Attacks

When it comes to protecting against ransomware attacks, organizations often overlook the importance of post-infection remediation.

Alyse Burnside, Contributor

January 27, 2023

2 Min Read
Skull in computer code script that represents a system hacking attack.
James Thew / Alamy Stock Photo

In 2022, ransomware cost organizations an estimated $20 billion despite the number of attacks going down overall. Ninety percent of organizations reported ransomware attacks, according to new SpyCloud research, illustrating the grim reality that ransomware is a commonplace concern in today’s security landscape.

Unfortunately, organizations can expect threats from cybercriminals to become more sophisticated in 2023. “I think in [2023], we will see even more professionalization and division of labor within these underground groups than we have already seen,” said CW Walker, director of security product strategy at SpyCloud. “We may see new criminal industries grow to support ransomware syndicates, such as what we've seen with initial access brokers.”

As attackers become more organized, so must IT leaders, Walker said.

Include Post-infection Remediation in Ransomware Defense

The most dangerous mistake that organizations make is to fail to properly remediate infections. Failure to do so leaves entry points for future attacks via corrupted systems.

Responding to an attack by simply wiping a device is not enough. Even if wiping a device cuts an attacker’s access to the device in the short term, it does not address credentials, cookies, or other data that criminals have accessed. If attackers can access an organization’s systems, they can deploy infostealer malware such as Raccoon or RedLine Stealer, which procures data needed to carry out future attacks.

Related:Ransomware Defense a Top 2022 Cybersecurity Trend, Challenge

Post-infection remediation approach is a critical part of fighting ransomware threats. “Post-infection remediation requires organizations to proactively scan the darknet for malware-exposed assets and credentials to give security teams more complete visibility into their attack surface,” Walker said of the process. “Acting on the information gained from monitoring the criminal underground, security teams can properly remediate all entry points – including exposed users, applications, and devices.”

Remote working poses an ongoing challenge in this regard. Many remote employees access company data on unsecured devices, which might house an organization's credentials or other sensitive information. Since employees’ personal devices are often unaccounted for when surveying a business’s IT infrastructure, it can become difficult to understand an attack surface.    

As is often the case with cybersecurity, organizations must combat threats with vigilance and a companywide dedication to security best practices.

About the Author(s)

Alyse Burnside

Contributor, ITPro Today

Alyse Burnside is a writer and editor living in Brooklyn. She is working on a collection of personal essays about queerness, visibility, and the hyperreal. She's especially interested in writing about cybersecurity, AI, machine learning, VR, AR, and ER.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like