Battle of the breach: Prioritizing proactive ransomware defense

Editor’s note: The following is a guest article from Sebastian Goodwin, chief information security officer at Nutanix. 

Over the last decade, ransomware has become the de facto tactic of cybercriminals looking to make a quick buck.

And why not? Average ransomware payments are nearing the $1 million mark, and many criminal groups are now selling their tools and services on specialty ransomware as a service marketplaces.

With nearly every business already permanently connected to the internet, global ransomware damage is expected to reach an annual impact of $265 billion within this decade.

In practical terms, this means that we will soon face a reality where organizations are attacked every two seconds by threat actors that continue to evolve their tools and tactics. 

Doing business in such a world can seem overwhelming, but modern cybersecurity approaches are working to keep up with the growth of ransomware.

As a result, CISOs looking to apply advanced thinking to ransomware defense can integrate new processes and tactics as they formulate their cybersecurity strategies. 

What’s in a name? Ransomware types by description 

Today’s ransomware can come from many specialized groups and threat actors. To make things more complicated, some criminal groups even sell their tools through a ransomware as a service business model, letting anyone with a bank account or cryptocurrency wallet automate ransomware attacks via the dark web. 

Most common types of ransomware fall into six distinct categories: 

  • Crypto ransomware: After breaching individual workstations and systems, this type of ransomware finds and encrypts files, rendering them unusable. Victims are encouraged to pay a ransom or lose access to their data permanently, often by having it completely deleted off their system. 
  • Locker ransomware: While crypto-style ransomware blocks access to individual files, Locker-type ransomware affects whole machines, preventing a user from accessing any files or programs until a ransom is paid. In general, this type of ransomware affects computer systems, though some are specifically made to lock IoT and smart home…