Ransomware, a malware that encrypts important files, is a pervasive threat in computer security, disrupting businesses and infrastructure services. Organizations relying on legacy systems are particularly vulnerable to ransomware threats.

Google Cloud offers secure, modern technology for over 20 years, ensuring scale protection and enhancing resilience to ransomware threats through its Cloud products and services.

Develop a comprehensive, defensive security posture to protect against ransomware

Ransomware protection requires multiple layers of defense, as recommended by NIST’s Cybersecurity Framework. Cloud technologies can help address ransomware threats by enhancing security and reducing potential threats by:

Pillar #1 – Identify: Understand cybersecurity risks for assets, systems, data, people, and capabilities, including ransomware targets and potential business impacts, to prioritize and focus efforts on risk management.

CISO Guide to Security Transformation whitepaper(click here to download whitepaper) provides a guideline for a risk-informed approach to cloud security involves addressing key security risks, rather than relying on existing mitigation methods. Cloud service providers offer controls and tools for modern threats, such as Cloud Asset Inventory, to streamline IT operations, security analytics, auditing, and governance.

Pillar #2 – Protect: Develop cybersecurity safeguards to protect critical services and business processes from potential incidents. These may include zero trust frameworks, environment segmentation, executable authentication, phishing risk reduction, spam filtering, endpoint protection, patching, and continuous controls assurance. Some examples of products and strategies to involve in this step include: 

      • A cloud-native, inherently secure email platform: Email is a key component of ransomware attacks; Gmail offers advanced phishing and malware protection, quarantine controls, and a Security Sandbox to prevent inbound spam.

      • Strong protection against account takeovers: Ransomware operators exploit compromised accounts for reconnaissance, unauthorized access, and malicious binaries. Google’s Advanced Protection Program defends against account takeovers, and Google Cloud uses machine learning for anomaly detection.

      • Zero trust access controls that limit attacker access and lateral movement: BeyondCorp Enterprise offers a turnkey solution for zero trust access to business applications and resources. This model grants point-in-time access to individual apps, continuously evaluating permissions, preventing lateral movement and preventing ransomware attacks. It also protects RDP access to resources, preventing ransomware attacks on insecure legacy Windows Server environments.

      • Enterprise threat protections for Chrome: Leveraging Google Safe Browsing technology, Chrome warns users of millions of malware downloads each week. Threat protection in BeyondCorp Enterprise delivered through Chrome can prevent infections from previously unknown malware including ransomware, with real-time URL checks and deep scanning of files.

    Malicious download warnings to alert users in Chrome

        • Endpoints designed for security: Chromebooks offer enhanced protection against phishing and ransomware attacks with low on-device footprint, read-only OS, sandboxing, verified boot, Safe Browsing, and Titan-C security chips.

      Pillar #3 – Detect: Define continuous ways to monitor your organization and identify potential cybersecurity events or incidents. In the case of ransomware, this may include watching for intrusion attempts, deploying Data Loss Prevention (DLP) solutions to detect exfiltration of sensitive data from your organization, and scanning for early signs of ransomware execution and propagation.  

      Chronicle is a threat detection solution that identifies ransomware at lightning speed and scale, using Google Cloud Threat Intelligence for Chronicle to focus on real threats and accelerate response time.

      DLP technologies detect ransomware-targeted data through Cloud DLP, enabling secure discovery and preventing public access to sensitive information.

      Pillar #4 – Respond: Activate an incident response program within your organization that can help contain the impact of a security (in this case, ransomware) event.  

      During a ransomware attack, it’s critical to secure your communications both internally and externally to customers. More so, organizations are adopting Google Workspace for standardized, secure online collaboration and quick response actions in case of incidents.

      Pillar #5 – Recover: Build a cyber resilience program and back-up strategy to prepare for how you can restore core systems or assets affected by a security (in this case, ransomware) incident. This is a critical function for supporting recovery timelines and lessening the impact of a cyber event so you can get back to operating your business. 

      More so, Actifio GO offers scalable, efficient incremental data protection and near-instant recovery for identifying clean restore points after ransomware attacks, enabling rapid business function resumption and infrastructure-agnostic protection.

      In Google Workspace, if files on your computer were infected with malware but you sync them to Google Drive, you may be able to recover those files. Additionally, ensuring that you have a strong risk transfer program in place, like Risk Protection Program, is a critical element of a comprehensive approach to managing cyber risk.

      Key ransomware prevention and mitigation considerations for business and IT leaders

      As you plan for a comprehensive defense posture against ransomware threats, here are some key questions to consider:

          • Does your organization have a ransomware plan, and what does it entail? Remember to demand a strong partnership with your cloud providers based on a shared understanding of risk and security objectives.

          • How are you defending your organization’s data, systems and employees against malware?

          • Are your organization’s systems up to date and patched continuously?

          • Are you watching for data exfiltration or other irregularities?

          • What is your comprehensive zero trust approach, especially strongly authenticating my employees when they access information?

          • Are you taking the right back ups to high assurance immutable locations and testing that they are working properly? This should include testing that does a periodic restore of key assets and data.

          • What drills are you conducting to battle-test your organization’s risk management and response to cyber events or incidents?

        Ransomware attacks will continue to evolve 

        Ransomware groups are stealing data before encryption, using leaks and distributed-denial-of-service (DDoS) attacks to compel victims to pay ransoms. Google Cloud Armor can protect services deployed in clouds or on-premises against DDoS attacks, occupying security teams.

        Ransomware attacks are crucial for organizations, and building a resilient cybersecurity posture requires a comprehensive program that identifies, prevents, detects, responds, and recovers from threats. More so, Google Cloud offers a battle-tested, highly-resilient cloud platform that integrates these elements with your business. For more, visit our PawaIT Solutions Ltd support cente