Here’s How Google Fights Against Ransomware

Ransomware is a national security issue, and it’s only expected to get worse in the years ahead. In 2020 alone, ransomware attacks increased by 150 percent. When asked if we’ll still be facing ransomware attacks five years from now, Gen. Paul Nakasone, commander of U.S. Cyber Command, replied, “Every single day.”

With the spike in ransomware attacks, it’s crucial now more than ever we adopt a cyber-security first approach while at home and work and that we use every tool available to keep our data safe. 

Let’s unpack what ransomware is and how Google’s forward-looking approach helps prevent ransomware attacks.

What Is Ransomware?

In a nutshell, ransomware is a form of malware that threatens to publish, block access to, or destroy data or a computer system until the victim pays a ransom fee to the attacker. The attacker usually does this by encrypting the victim’s files. Both consumers and businesses, no matter the industry, can fall victim to ransomware attacks. 

For an example of ransomware’s costly ripple effect, look no further than the attack on Kaseya in 2020. When the IT service provider’s systems were infiltrated, it affected around 1,500 organizations worldwide. Experts suggest that by 2031, ransoms could reach an annual cost of $265 billion collectively.

The most common attack methods for ransomware are often exploit kits — usually in the form of a malvertisement on a compromised website — and malicious email attachments and links. 

Let’s look at the most prevalent attack vectors by type. 

Email Phishing

Almost everyone has been the target of an email phishing scam. It’s become one of the most common ransomware attack vectors in the last year. According to the FBI’s annual 2020 Internet Crime Report, phishing scams were one of the top three crimes reported by victims in 2020. 

With this tactic, scammers use infected links or attachments in an email to trick you into giving them your personal information, like credentials, to provide the scammer with access to key systems. 0

Remote Desktop Protocol (RDP)

A remote desktop protocol (RDP) is a Windows-developed connection protocol that allows remote access between computers or networks. It’s typically used for remote employees to access files or applications stored locally. 

RDP has become another popular attack vector for bad actors in the last year. While RDP ports are generally safe on private networks, anyone could potentially access ports left open on the Internet. When attackers connect to a port successfully, they gain access to the server and everything within an account’s privilege limits.

Patchy and Outdated Software

Security vulnerabilities found in patchy or outdated software are other targets for ransomware attacks. Attackers exploit these vulnerabilities and use them as entry points to gain access to a system without the proper credentials. From there, they can quickly take over sensitive data or programs. 

Google’s Approach to Protecting Against Ransomware Attacks 

Remote work has made it easier for cybercrimes to thrive. Yet, impressively, Google has so far reported zero ransomware attacks on Chrome OS devices. But how exactly? 

Google is always thinking one step ahead of hackers. In addition to several built-in, proactive security features on Chrome OS devices, Google follows the Cybersecurity Framework’s five main pillars to provide products and strategies that protect against ransomware threats. The philosophies within these pillars can be used as a best practice guide for your own protection protocols.

Pillar #1: Identify Security Threats and Vulnerabilities

This foundational pillar is all about identifying the areas within an organization most vulnerable to attackers, including assets, systems, and data, and understanding the business impact in the event any of those areas become compromised by a ransomware attack. 

Google’s Cloud Asset Inventory provides a mechanism to discover, monitor, and analyze all your assets in one place for tasks like IT ops, security analytics, auditing, and governance.

Pillar #2: Put Safeguards in Place

Once potential security threats and vulnerabilities have been identified, the next step is to put safeguards in place to minimize business impact and ensure the continuous delivery of services in the event they become compromised. 

In addition to Gmail’s advanced phishing and malware protection and Google’s Advanced Protection Program used to defend against account takeovers, BeyondCorp Enterprise provides zero trust access controls that limit attacker access and lateral movement. 

Chromebooks also have several built-in security features to defend against ransomware attacks. 

Pillar #3: Look for and Detect Threats

Continuous detection and monitoring for ransomware threats is key to getting ahead of cybersecurity attacks and minimizing business disruption. There are many tools designed to scan for early signs of ransomware activity. 

Google Cloud’s Cloud Data Loss Prevention tool provides visibility into sensitive data risk across an entire organization, including identifying data that’s public and shouldn’t be.

Pillar #4: Build a Response Program

Having the right response tools are critical in the event of a ransomware attack. It’s especially important to secure communications within and outside of an organization during a cybersecurity event. 

Many organizations have moved from legacy email systems to Google Workspace to improve security and privacy. Workspace offers secure collaboration between remote teams and quickly provides a separate, safe environment to respond to cybersecurity attacks. 

Pillar #5: Create a Recovery Plan

The last pillar is creating a recovery plan and backup strategy for restoring services and assets affected by a ransomware attack. Doing so will lessen the impact of the incident. 

Actifio GO provides safe, point-in-time backup images to recover infected data. Google Workspace also allows you to sync files from your desktop to Google Drive so that you can recover those files in case they become infected with malware. 

Cybersecurity is everyone’s responsibility, and Google’s cloud-based products and services based on the Cybersecurity Framework’s five-pillar approach make everyday security accessible to organizations and their employees.

Talk to Cloudbakers | Qwinix about how Google tools like Google Workspace and Chrome OS can enable your workforce to stay connected, productive, and secure. 

talk to an expert

Let’s Talk About It

Connect with a Qwinix expert to bring leading-edge insights and solutions to your Google Cloud strategy.