Customer Voice Strategic Advisor White Paper

Mounting a Robust “Defense in Depth” Strategy Against Ransomware

Ransomware attacks increased by over 200% in 2020. Numerous organizations in all industries across the globe have been attacked — from the Brazilian government to the Houston Rockets, an American professional basketball team, to Bakker Logistiek in the Netherlands, causing cheese shortages. No one is safe.

Ransomware is a type of malware that attempts to deny access to a user’s or organization’s data, usually by encrypting the data with a cryptographic key known only to the hacker who deploys the malware. The organization’s data is held hostage until the ransom is paid.

How ransomware works

Once ransomware enters a system, it begins encrypting individual files or complete file systems. It blocks user access until requests for payments, which are often displayed in warning messages, are fulfilled. Unfortunately, even if the organization pays the ransom, there is no guarantee that the perpetrators will provide the cryptographic keys needed to decrypt the files.

Ransomware attacks have forced companies to suspend all services and shut down. They have caused organizations to lose hundreds of millions of dollars. They can even cost lives when hospital systems are affected (as with Britain’s National Health Service “WannaCry” hack in 2017). This type of breach has become so prevalent that the United States of America’s Federal Bureau of Investigation obtained a warrant to patch Microsoft Exchange Servers to prevent Hafnium, a Chinese state-sponsored hacking group, from continuing to infiltrate American organizations, steal data, and infect systems with ransomware.

Developing a robust defense

The situation may seem dire, but a sound “Defense in Depth” strategy can help prevent ransomware attacks or — at the least — facilitate an efficient and swift response. Defense in Depth is defined as deploying multiple layers of defense across all endpoints, even in the cloud, to protect an organization from cybersecurity events. VMware’s services for end users, private clouds, public clouds, and modern applications enable organizations to protect, detect, respond to, and recover from cybersecurity attacks across all technology stacks, regardless of their purpose or location.

Ransomware has many attack vectors. The most common are malicious links on the web, in email, on social media, in text documents, and on infected USB devices. They may also involve targeted brute-force Remote Desktop Protocol attacks. VMware solutions, such as Carbon Black and NSX, can protect organizations from these vectors.

Resources that can help

To find out more, check out this “Defense in Depth,” white paper to learn how to leverage technologies to protect, detect, and respond to ransomware for end users, hardening your vSphere private cloud with NSX Advanced Threat Protection, and adding additional layers of security to public clouds and modern applications with CloudHealth Secure State and Tanzu.

Ransomware will continue to be a serious threat over the next few years. If your organization has not yet implemented a robust Defense in Depth strategy to protect against these and other types of attacks, time is of the essence. VMware can help. Just contact your account manager or field engineer to learn more about how to deploy protection for all users, systems, and workloads.