Ransomware and Beyond series

How to interrupt the ransomware threat cycle with Zix

If you've been keeping up with our ransomware articles, you've covered a lot of ground with us, from the basic 101s of what ransomware is and how it works to more involved issues like whether you should pay the ransomware fee if you're ever targeted by an attack. There's a lot to take in, and we hope you're feeling more informed and better prepared.

If you've taken one thing away from these articles so far, we hope it's this: The best way to defend yourself against a ransomware attack is to be ready for it. This doesn't just mean putting the necessary prevention measures in place (because as we know, ransomware threat actors grow more sophisticated every day and find ways to get into even the most well-protected networks). It's about having the right tools in place at each stage to keep your organization and data as safe as possible.

First, understand the cycle

As a refresher, let's look at each stage of the threat cycle from an attacker's perspective in detail.

Identify target: At this stage, the attacker is looking for a weak target and determining the best way to get into the system. They're looking for weak passwords, vulnerabilities, and other holes they can worm their way into.

Attack target: Based on the information the attacker collects at the “identify” stage, they will then launch an attack. Gaining access to the system could be as easy as finding an old, unmonitored admin account that hasn't had a password change in a while, or a regular system account that they've gained access to and escalated privileges on.

Infiltrate target: Once the attacker breaches the system, they typically establish an internal foothold. They do this by running applications that create logs of IP addresses and usernames, and by searching for further vulnerabilities.

Evade and move: At this stage, the attacker tries to hide their presence within the system as they continue to look for more ways to take hold. From there, they can access more systems, escalate privileges, and run tests to see if they can install applications.

Complete mission: Using collected information, the attacker executes their mission goal (in a ransomware scenario, hijacking and locking you out of your system).

Where you can interrupt the cycle

To stop threat actors from getting to the “complete mission” phase, you have to be well-equipped to interrupt the threat cycle at various checkpoints. That requires a multi-layered approach.

As Andrew Murphy, Zix | AppRiver's Director of Product Marketing, says, “Think of it like circus animals jumping through hoops, with the hoops getting progressively smaller.” In other words, you need to have multiple measures in place that are increasingly difficult for threat actors to get through. Each layer serves as a backup for the step that came before it.

There are three main tactics (or hoop sizes, if you will) you can use to interrupt the ransomware attack process. Let's look at each one more closely.

Protect: Stop threats from entering in the first place

These measures interrupt the threat cycle in its beginning stages, where ransomware attackers are trying to identify and attack targets. Zix | AppRiver provides the following services at this protection level:

  • Advanced email threat protection
  • Multi-factor authentication
  • Advanced email encryption

Since email is the most common threat delivery system, most of the tools available at this stage work by filtering out email threats and making emails that do get through harder for threat actors to access.

Detect: Keep threats from spreading through your system

Once a threat actor is in your system (which occurs at the “infiltrate” and “evade and move” stages of the threat cycle), you can still catch malicious activity and stop it from spreading further using these tools:

  • Security audit
  • Outbound threat protection to detect account compromises
  • Threat analysis team/tools
  • Data loss prevention scanning

Respond: Do the right damage control

If an attacker gets all the way to the “complete mission” stage of the threat cycle, you still have tools at your disposal to mitigate risk. These measures can help you respond and recover:

  • Threat investigation and analysis
  • Vulnerability remediation
  • Backup and recovery

Ransomware is a complex threat that's mutating all the time. With the right defense plan, however, you can do a great deal to keep your company safe.

How Zix | AppRiver Partners Can Help

If you're looking for additional support to manage your IT services or offer local support, let us know. Our global partner network trusts Zix solutions to protect their clients. We can connect you with an MSP that can provide their IT expertise to help your business with its specific needs.
