Why Having an Accurate, Ready-to-Use IT Inventory Is a Lifesaver In a Ransomware Attack

Has your company experienced a ransomware attack? If it hasn't, brace yourself - it's coming. 

IDC reports that 37% of organizations around the world were victims of a ransomware attack in 2021, and according to the FBI, reported incidents of cybercrime have increased by 300% since the onset of the Covid-19 pandemic. These aren't insignificant incidents, either. Ransomware pay-outs climbed 82% in the first half of 2021 alone, reaching an average of $570,000. 

The reality is, bad actors are taking advantage of vulnerabilities introduced during the pandemic, as businesses have adopted remote working policies and accelerated digital transformation initiatives. In fact, six ransomware groups were able to bypass the cybersecurity defenses of nearly 300 organizations in 2021, charging victims more than $45 million in ransom. Some of the biggest vulnerabilities were introduced by remote workers, who caused security breaches in 20% of organizations.  

How does ransomware get in? By finding vulnerabilities to exploit and install malware. These vulnerabilities can be technical or created through human error. Here are some examples:

  • Vulnerable VPNs, or unprotected devices used by remote workers to access corporate resources are prime targets for cybercriminals. 
  • Hardware devices running outdated operating systems or missing critical security patches are points of vulnerability, and much more common as IT estates expand to meet the demands of digital transformation. 
  • Attacks on unprotected mobile devices spread from device to device and leverage obfuscation techniques to conceal malicious code and bypass security controls.
  • Phishing emails trick unsuspecting employees into downloading apps or visiting infected websites. Unless specifically trained to recognize a malicious email, employees are unlikely to realize they've let an attacker in. 

In today's hybrid, highly mobile work environment, one employee may be using multiple devices and accessing numerous cloud apps and services, and if a hacker gets even one password, they can obtain the information they need to infiltrate many systems - including those that contain sensitive information or customer data. That's when the real damage occurs, and not just in terms of dollars lost. Reputational damage from a data breach can literally put a company out of business. 

What's more, today's cybercriminals can leverage an organization's global cloud infrastructure to launch an attack from anywhere. This has resulted in the trend toward "Ransomware-as-a-Service," where larger ransomware groups - think REvil and DarkSide - sell malicious code to third-party buyers who can then quickly and easily launch attacks of their own.

A particularly disturbing trend for cybercrime is the increase in attacks on critical infrastructure. Hackers are targeting oil and utility companies, as well as governmental agencies because they can demand higher ransom and expect to be paid sooner. Take, for example, the Colonial Pipeline breach, which disrupted gas supplies in the U.S. and forced the organization to fork up $4.4 million dollars in bitcoin. Healthcare organizations are also particularly vulnerable: Comparitech found that in 2020, the healthcare sector was hit hard, with over $20 billion lost in ransom paid, revenue, and legal costs, as more than 600 healthcare organizations were hit by 92 attacks. 

As the reliance on IT infrastructure for business operations grows, organizations of all sizes across all industries are under increased pressure to submit to a hacker's demands. With cybercriminals expertly circumventing traditional security controls, how do you protect your organization? The key is technology intelligence. 

Arm Your Team with ITAM

IT Asset Management (ITAM) and IT inventory solutions such as Lansweeper are helping organizations arm themselves with the information they need to fight back. Using advanced capabilities such as deep scanning and Credential-free Device Recognition technology, Lansweeper continually and automatically scans the network, detecting and recognizing any connected device, and consolidating all IT asset data into a single system of record that becomes a baseline for IT security. 

By providing IT security teams complete visibility across the IT estate, along with extremely granular and accurate data about all hardware and software that comprise the IT infrastructure, Lansweeper helps teams proactively mitigate the risk of an attack before it happens. If an attacker does manage to get through, security analysts can use the data to "stop the bleeding" before widespread damage occurs.

Here are a few examples of how Lansweeper can help to stop the spread of a ransomware attack:

  • Staying on top of patches and updates: As your technology infrastructure expands, keeping up with necessary updates becomes increasingly challenging. Historically, IT teams have relied on manual processes and spreadsheets for tracking technology assets, but in this digital world, those methods are insufficient. Lansweeper automates the process of discovering and identifying technology assets, and creating a complete and always-accurate inventory, saving time and reducing errors. Organizations have a single source of truth that's always current, along with all of the data they need to assess the health and state of their technology infrastructure. This simplifies the process of rolling out updates and patches, ensuring every device is equipped with the proper security software.

Remember when Wanna Cry impacted organizations across 150 countries in 2017? If they had used Lansweeper to identify and patch machines running outdated Windows operating systems proactively, they would have been immune. 

  • Protecting unknown and rogue devices: In the interest of boosting worker productivity, your organization may have adopted a bring-your-own-device (BYOD) policy. This means you have many more potentially unprotected devices accessing the network and opening up the infrastructure to additional risk. But you can't see what you can't protect, and if you didn't issue the device, how would you know it's there? 

Using device recognition technologies, Lansweeper detects unknown and rogue devices, then reports back specific and granular information about the device, such as the type of device, model, IP address, and MAC address. Once they're discovered, you can determine their origin then perform a deep scan to collect more data.

  • Isolating and mitigating security incidents: Hackers are continuously coming up with new methods and techniques to do their dirty work, and even if you take every precaution, an attack can still get through. If it does, Lansweeper helps to accelerate the process of identifying and isolating impacted machines, and shutting them down to stop the spread. 

Case in point: A large health network in the Midwest region of the U.S. experienced a ransomware incident in 2019. Their IT security team leaned on Lansweeper data, which started showing signs of an infection two weeks before the attack kicked in. It captured all of the data and helped the team identify the progression of the attack, which enabled them to prioritize what devices to lock down first. 

According to the head of security, insights from Lansweeper data saved hours of time rifling through event logs, simplified decision-making, and enabled the team to act swiftly to stop the spread of the attack to critical infrastructure."Because we were able to act quickly, no patient data was lost, stolen or damaged," he said. Lansweeper also helped accelerate recovery following the attack with detailed reporting that kept upper management apprised of which machines were impacted, which had been shut, and which were clean and back up. 

Lansweeper detects and recognizes every asset - even rogue devices that only touch the network briefly or operate behind the firewall - eliminating blind spots for full visibility across the IT infrastructure. It discovers assets that aren't properly encrypted, unauthorized software installations, and vulnerabilities that require immediate patching. Automated alerts enable teams to jump to immediate action, closing the window on malicious attacks. And with detailed insight into what devices are most vulnerable or contain the most sensitive information, teams can quickly prioritize their work and devise a plan of counter-attack. 

Be Prepared for the Next Attack

Ransomware is here to stay, and regardless of the security protocols you put in place, hackers are committed to finding ways around them. And even though you may not be able to prevent an attempted attack, you can outsmart the attacker. Taking a proactive stance by ensuring you have the insight and technology intelligence you need to spot, isolate and stop an attack is your best defense. 

Webinar: Lansweeper for Cyber Security

How Lansweeper Benefits Your Cyber Security Program

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email

You may also like...

Try Lansweeper for Free

Learn why Lansweeper is used by thousands of enterprises worldwide.​