For most of the past year, ransomware stories have featured regularly on news websites — and not just high-profile incidents (although there’s no shortage of those). Ransomware creators are actively refining their methods and technologies. In 2020, we saw the merger of several groups into a cartel, the creation of sites for the publication of stolen materials, auctions for the sale of stolen information, and the first ransomware for Linux. More recently, news also emerged that a ransomware group had started using hacked Facebook accounts to intimidate victims.
According to Krebs on Security, a group calling itself Ragnar_Locker Team took over the Facebook page of a Chicago-based DJ, launching an ad campaign in his name. Meanwhile, announcements with the subheading “Ragnar_Locker Team press release” pointed directly to a successful attack on beverage maker Campari Group. In them, the attackers also boasted about the amount of stolen information in their possession, threatening to publish it if Campari refused to pay the ransom demand.
All this seems to confirm that ransomware authors feel untouchable and are willing to spend part of their ill-gotten gains on mastering new technical tools and pressure levers. That means antiransomware efforts require more than just a security product on a workstation. And we’re not the only ones who have come to that conclusion: Gartner recently proposed the Ransomware Defense Architecture method of protection.
Gartner’s structured approach
Ransomware Defense Architecture combines IT systems and operations with security risk management. According to Gartner, technical professionals cannot approach ransomware defense from just one domain. Domains such as storage, networking and data protection, on-premises, in the cloud, and at the edge all have to take security into consideration when confronting a ransomware attack. Gartner sees ransomware attacks on a continuum timeline with five phases:
Phase 1 — Prepare Phase 2 — Prevent Phase 3 — Detect Phase 4 — Mitigate Phase 5 — Recover
Whereas phases 1 and 2 take place before an incident, phases 3 and 4 are during or at about the same time as the incident, and phase 5 occurs postincident.
As we see it, we offer the most comprehensive portfolio of solutions to cover the Gartner Ransomware Defense Architecture structure, with customer reviews for these solutions on Gartner Peer Insights placing us among the highest rated. In response to the high level of ratings we achieved, Kaspersky was named a Gartner Peer Insights Customers’ Choice in the most recent iteration for Endpoint Protection Platforms in 2019, and Endpoint Detection and Response and Secure Web Gateway in 2020.
Phase 1: Prepare
Technology: Phishing Training Security Hygiene
Gartner Peer Insights Market: Security Awareness Computer-Based Training
Our solutions: Kaspersky Automated Security Awareness Platform, Kaspersky Adaptive Online Training
Customer Reviews (as of Nov. 1, 2020): 4.8 / 5.0; 98% Would Recommend; 45 reviews in the last 12 months
Phase 2: Prevent
Technologies: EPP, MTD, SEG
Gartner Peer Insights Market: Endpoint Protection Platforms
Our solution: Kaspersky Endpoint Security for Business
Customer Reviews (as of Nov. 1, 2020): 4.8 / 5.0; 94% Would Recommend; 512 reviews in the last 12 months
Gartner Peer Insights Market: Endpoint Detection and Response Solutions
Our solutions: Kaspersky Endpoint Detection and Response
Customer Reviews (as of Nov. 1, 2020): 84 reviews; 4.9 / 5.0; 100% Would Recommend;
Technology: VM and Patch
Gartner Peer Insights Market: Cloud Workload Protection Platforms
Our solutions: Kaspersky Hybrid Cloud Security