
What’s Next in the Fight Against Ransomware?


Advanced Tools for Enhanced Cybersecurity Protection

Last week, the sites associated with the Russian hacking group REvil disappeared from the dark web. This represented a rare positive step in the fight against ransomware, which REvil deployed in two of the biggest cyberattacks of 2021: the attack on meat processing conglomerate JBS and the worldwide July 4th incident that stole the data of thousands of businesses around the world.

The group’s public-facing “happy blog,” which listed victims of ransomware, was taken down, along with custom websites that the group used to negotiate with the businesses it had attacked. The question now is who or what is responsible for the disappearance of REvil’s online presence.

Could it be credited to American President Joe Biden’s demand of Russian President Vladimir Putin that he take action to stop the attacks? Could the United States Cyber Command be responsible, acting on the U.S. government’s declaration of ransomware attacks as a serious threat to national security? Or could it be attributed to REvil itself, which some security experts suspect could have eliminated its own online presence to avoid the attention of law enforcement agencies?

The latter scenario has happened before: in May, another Russia-based group, Darkside, deployed a ransomware attack on Colonial Pipeline that led to gas shortages up and down the East Coast of the United States. Weeks later, Darkside publicly announced that it was going out of business because it hadn’t intended to attack public infrastructure.

For the thousands of businesses that have been impacted by ransomware recently, the dismantling of REvil’s web presence provides only a small measure of relief. Those who were still negotiating with REvil to retrieve their encrypted data were left in a particularly harmful lurch: unable even to pay a ransom to retrieve their stolen data and return their businesses to normal operations.

For businesses that haven’t been struck by ransomware but are worried about ongoing threats to their cybersecurity, further action is necessary. The basics are more important than ever:

1. Proactive network security that deploys multiple layers of protection, prevention, monitoring, incident response, and event management for all devices

2. Comprehensive data backups that create multiple copies of critical information

3. Clear plans for rapidly recovering that backed-up data if an attack occurs

4. Security awareness training for every employee of your business so they know how to identify user-based cyber threats

But the rise in ransomware attacks and the evolution of their sophistication require more than just those basics. Below are three more advanced steps that can strengthen the cybersecurity of your business:

1. Security update and software patch management.

One of the most important methods to prevent a ransomware attack is to make sure all machines and operating systems are updated—especially when new vulnerabilities are identified. With the help of a trusted IT provider, this process can be automated to run in the background, ensuring your computers stay safe and your employees don’t have their day-to-day work disrupted. This layer has become even more important as scammers and hackers have started sending out fake update notifications that appear to come from trusted companies like Microsoft. At CMIT Solutions, we vet and approve all patches and updates before they’re deployed on your computers.

2. DNS filtering.

This layer of security allows your business to fine-tune its Internet access policies by IP address, limiting access to websites that pose a risk to your network. DNS filtering is a simple yet effective way to keep everyday web usage from becoming a serious security threat: it whitelists safe websites and blacklists dangerous ones, reduces the likelihood of network infection, and monitors and analyzes web traffic to provide real-time protection.
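To make the DNS filtering decision concrete, here is an added example (not CMIT Solutions' own code or any product's) of a per-client policy check that matches names on label boundaries, lets a more specific allow entry override a broader block, and counts blocked lookups for monitoring. The subnets, zone names and policy layout are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed policy table, most specific subnet first. All names are made up.
POLICIES = [
    {"net": ipaddress.ip_network("10.0.10.0/24"), "mode": "allowlist",
     "allow": {"payroll.example"}, "block": set()},
    {"net": ipaddress.ip_network("10.0.0.0/16"), "mode": "blocklist",
     "allow": {"docs.files.example"}, "block": {"files.example", "malware.test"}},
]
blocked_by_client = Counter()  # monitoring: blocked lookups per client IP


def longest_match(qname, zones):
    """Return the most specific zone that equals qname or is a parent of it."""
    labels = qname.split(".")
    for i in range(len(labels)):          # longest candidate first
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None                           # "notmalware.test" never matches "malware.test"


def decide(client_ip, qname):
    """Return ("allow" | "block", reason) for one DNS query."""
    qname = qname.rstrip(".").lower()     # DNS names are case-insensitive
    addr = ipaddress.ip_address(client_ip)
    policy = next((p for p in POLICIES if addr in p["net"]), None)
    if policy is None:
        verdict = ("block", "no policy for client")   # fail closed
    else:
        allow = longest_match(qname, policy["allow"])
        block = longest_match(qname, policy["block"])
        # Both matches are suffixes of qname, so the longer one is more specific.
        if block and (not allow or len(block) >= len(allow)):
            verdict = ("block", f"blocklisted zone {block}")
        elif allow:
            verdict = ("allow", f"allowlisted zone {allow}")
        elif policy["mode"] == "allowlist":
            verdict = ("block", "not on allowlist")
        else:
            verdict = ("allow", "default allow")
    if verdict[0] == "block":
        blocked_by_client[client_ip] += 1
    return verdict
```

A client whose blocked count climbs quickly is worth a look, since repeated lookups of blocklisted names are a common sign of an infected machine trying to reach its control server.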

3. Email filtering that places attachments and links in a “sandbox.”

In the past, users were encouraged not to open ANY attachment or click on ANY link, especially in suspicious-looking emails. Instead of placing that responsibility entirely on employees, though, advanced email filtering adds an automated component to these critical actions. Attachments and links are placed in a “sandbox” so they can be tested before they are delivered to your users’ inboxes, and links are automatically tested for legitimacy. Illicit messages can still sneak through, which is where human-based security intelligence comes into play. But email filtering adds another layer of security.

As always, these three advanced tactics still can’t provide 100% protection. Determined hackers can typically figure out how to elude any protection layers, which is why it’s so important to work with a trusted IT provider who can deploy further detection layers to keep your business safe.

At CMIT Solutions, we go above and beyond the call of duty to protect the data, devices, and digital identities of you and your employees. As ransomware evolves and hackers test new attempts at network infection and data compromise, our 800+ technicians located across North America stay ahead of the curve by working 24/7 to deploy new protections and devise new strategies for IT success.

If you want to take the next steps to protect your business from ransomware, contact CMIT Solutions today.

