Ransomware Resilience – Incomplete Remediation Results in Ransomware Reinfection

According to a recent report from Malwarebytes, ransomware attacks don’t typically originate as a fresh problem for organizations; instead, they are largely the grim culmination of unresolved network compromises and inefficient security controls. According to the report, threat actors gain initial access through stolen login credentials, deployed malware, or established backdoors. The report notes that the majority of reinfections stem from the failure to address underlying vulnerabilities that led to the initial breach and improper remediations. Smaller IT-constrained organizations, with limited resources, tighter budgets, and lower levels of security maturity, are particularly susceptible to remediation errors compared to larger counterparts.

Ransomware impacts organizations of all sizes. Smaller organizations, who are often constrained by limited IT resources, have become prime targets for threat actors. A Devolutions report on SMB IT security found that 60 percent of small businesses experienced at least one cyber attack in the past year, with 18 percent enduring six or more. Furthermore, 66 percent of SMBs reported one or more ransomware attacks this year, marking a 44 percent increase in just three years.

With ransomware attacks on the rise, those responsible for mitigation and response are undoubtedly challenged. While cybersecurity programs tend to demonstrate resilience in the face of economic uncertainty, CISOs and other security leaders are under pressure from stakeholders to tighten spending, validate the value of their investments, and focus on improving efficiency. Mitigating ransomware is increasingly challenging due to its growing sophistication, and the competitive environment that ransomware groups operate in adds complexity to the situation. Read more at Malwarebytes.