Providing an advantage for ransomware preparedness and recovery

A ransomware attack can cripple an organisation in minutes, leaving it incapable of accessing critical data and unable to operate. How do you increase your preparedness?

Promoted by Absolute Software
Tue, 24 May 2022

A ransomware attack can cripple an organisation in a matter of minutes, leaving it incapable of accessing critical data and unable to do business. But that’s not all - recent years have seen threat actors move from just infesting systems with ransomware to multi-faceted extortion where they publicly name (and shame) victims, steal data, and then threaten to release or sell it.

According to Gartner’s Emerging Risks Monitor Report released in October 2021, the threat of new ransomware models was the top emerging risk facing organisations. To further illustrate this, Cybersecurity Ventures predicts organisations will face a new ransomware attack every two seconds by 2031, up from every 11 seconds in 2021.

The need for preparedness and response

Because of this threat landscape, it’s important organisations increase ransomware preparedness and assure that the tools needed for remediation, eradication, and recovery are not just in place, but also functioning as expected.

This holds especially true for the recovery of endpoints, which represent an essential tool for remote workers to conduct assigned business tasks in today’s work-from-anywhere environment.

While endpoint recovery is still considered secondary to restoring critical infrastructure (e.g., Active Directory, database servers, application servers, message servers) and business applications, the shift to an anywhere workforce has put increased demands on already stretched IT and security teams when it comes to recovering employees’ devices so the organisation is protected.

Ransomware attacks often put endpoints in a state where they’re either open to reinfection, or they are almost impossible to re-image/recover because the necessary tools are no longer functioning. Ultimately, this creates increased challenges for IT and security teams, who, by the time they are tasked with recovering their employees’ endpoints, have already exhausted their resources.

Increase resiliency in ransomware response

In this context, Absolute Ransomware Response, which we developed based on our extensive experience responding to and recovering endpoints from ransomware incidents, enables customers to assess their ransomware preparedness for endpoints and monitor endpoint cyber hygiene across their device fleet. This allows for an expedited endpoint recovery using Absolute’s always-on connectivity and automated restoration capabilities for key security and management tools.

By combining several of our trusted product features with professional services elements, we have given security teams a range of essential capabilities to both defend against ransomware attacks and recover quickly. This includes the ability to check strategic ransomware readiness across endpoints to minimise exposure and assure expedited recovery efforts. We also enable ransomware cyber hygiene to establish that application resilience policies have identified mission-critical security applications and that device management tools are installed and functioning as intended.

For additional peace of mind, the ability to view your entire device fleet from a cloud-based console ensures you don’t miss anything important. If a user alters or removes an app or data, a persistent, self-healing connection, if activated, means Absolute reinstalls itself. This is possible because manufacturers build our Persistence module into the firmware of their devices. The agent creates a two-way digital tether between the activated device and the console, transmitting hardware and software data points to administrators in real time. The same connection can be used to query and remediate at scale, remotely wipe or delete sensitive data, lock down compromised devices, and many other remote commands.

At this critical point, where ransomware is a global security issue, we have incorporated many key capabilities in Absolute Ransomware Response to ensure our customers can best defend against this costly threat:

  • Gain insights and report on hardware and software inventory
  • Continuously assess and report on device security posture
  • Discover sensitive endpoint data to identify at-risk devices and enable proper backup
  • Secure on-device screen end user communications to inform users in a timely and coordinated manner and prevent unnecessary help desk support calls
  • Freeze endpoints to preserve evidence for litigation purposes and potentially limit further spread of infection (e.g., through network quarantine of devices)
  • Expedite recovery tasks to gather precise insights, execute custom workflows, and automate script commands to expedite device recovery
  • Self-healing for mission-critical endpoint security tools, such as anti-virus/anti-malware, ensuring they are installed, healthy and working effectively so they are available for either restoration purposes or prevention of reinfection
  • Self-healing for device management tools, such as Microsoft Endpoint Configuration Manager, ensuring they are installed, healthy and working effectively so they are available for recovery purposes
  • Assist in ransomware recovery for endpoints to remotely help with recovery efforts for up to two incidents per year, following a pre-defined playbook

With security teams understaffed, our goal is to improve the confidence of customers in being able to prepare and quickly recover endpoints from ransomware attacks. In the stress of incident response, we want to provide one less thing to worry about as we face these threats together and avoid being another cyber victim.

To check your strategic ransomware readiness we recommend this datasheet.
