A structured approach to ransomware protection

To counter modern ransomware threats, you need more than just endpoint protection.

For most of the past year, ransomware stories have featured regularly on news websites — and not just high-profile incidents (although there’s no shortage of those). Ransomware creators are actively refining their methods and technologies. In 2020, we saw the merger of several groups into a cartel, the creation of sites for the publication of stolen materials, auctions for the sale of stolen information, and the first ransomware for Linux. More recently, news also emerged that a ransomware group had started using hacked Facebook accounts to intimidate victims.

According to Krebs on Security, a group calling itself Ragnar_Locker Team took over the Facebook page of a Chicago-based DJ, launching an ad campaign in his name. Meanwhile, announcements with the subheading “Ragnar_Locker Team press release” pointed directly to a successful attack on beverage maker Campari Group. In them, the attackers also boasted about the amount of stolen information in their possession, threatening to publish it if Campari refused to pay the ransom demand.

All this seems to confirm that ransomware authors feel untouchable and are willing to spend part of their ill-gotten gains on mastering new technical tools and pressure levers. That means antiransomware efforts require more than just a security product on a workstation. And we’re not the only ones who have come to that conclusion: Gartner recently proposed the Ransomware Defense Architecture method of protection.

Gartner’s structured approach

Ransomware Defense Architecture combines IT systems and operations with security risk management. According to Gartner, technical professionals cannot approach ransomware defense from just one domain. Domains such as storage, networking and data protection, on-premises, in the cloud, and at the edge all have to take security into consideration when confronting a ransomware attack. Gartner sees ransomware attacks on a continuum timeline with five phases:

  • Phase 1 — Prepare
  • Phase 2 — Prevent
  • Phase 3 — Detect
  • Phase 4 — Mitigate
  • Phase 5 — Recover

Phases 1 and 2 take place before an incident, phases 3 and 4 take place during or at about the same time as the incident, and phase 5 occurs postincident.

Our solutions

As we see it, we offer the most comprehensive portfolio of solutions to cover the Gartner Ransomware Defense Architecture structure, with customer reviews for these solutions on Gartner Peer Insights placing us among the highest rated. In response to the high level of ratings we achieved, Kaspersky was named a Gartner Peer Insights Customers’ Choice in the most recent iteration for Endpoint Protection Platforms in 2019, and Endpoint Detection and Response and Secure Web Gateway in 2020.

Phase 1: Prepare

Technology: Phishing Training Security Hygiene
Gartner Peer Insights Market: Security Awareness Computer-Based Training
Our solutions: Kaspersky Automated Security Awareness Platform, Kaspersky Adaptive Online Training
Customer Reviews (as of Nov. 1, 2020): 4.8 / 5.0; 98% Would Recommend; 45 reviews in the last 12 months

Phase 2: Prevent

Technologies: EPP, MTD, SEG
Gartner Peer Insights Market: Endpoint Protection Platforms
Our solution: Kaspersky Endpoint Security for Business
Customer Reviews (as of Nov. 1, 2020): 4.8 / 5.0; 94% Would Recommend; 512 reviews in the last 12 months

Technology: EDR
Gartner Peer Insights Market: Endpoint Detection and Response Solutions
Our solutions: Kaspersky Endpoint Detection and Response
Customer Reviews (as of Nov. 1, 2020): 84 reviews; 4.9 / 5.0; 100% Would Recommend

Technology: VM and Patch
Gartner Peer Insights Market: Cloud Workload Protection Platforms
Our solutions: Kaspersky Hybrid Cloud Security
Customer Reviews (as of Nov. 1, 2020): 69 reviews in the last 12 months; 4.9 / 5.0; 99% Would Recommend

Phase 3: Detect

Technologies: EDR, MTD
Gartner Peer Insights Market: Endpoint Detection and Response Solutions
Our solutions: Kaspersky Endpoint Detection and Response Optimum
Customer Reviews (as of Nov. 1, 2020): 84 reviews; 4.9 / 5.0; 100% Would Recommend

Technology: SWG
Gartner Peer Insights Market: Secure Web Gateways
Our solutions: Kaspersky Security for Internet Gateway
Customer Reviews (as of Nov. 1, 2020): 57 reviews; 4.6 / 5.0; 95% Would Recommend

Technology: NDR
Gartner Peer Insights Market: Endpoint Detection and Response Solutions
Our solutions: Kaspersky Anti-Targeted Attack Platform
Customer Reviews (as of Nov. 1, 2020): 84 reviews; 4.9 / 5.0; 100% Would Recommend

Technology: NDR
Gartner Peer Insights Market: Operational Technology Solution
Our solutions: Kaspersky Industrial Cybersecurity
Customer Reviews (as of Nov. 1, 2020): 74 reviews; 4.7 / 5.0; 95% Would Recommend

Phase 4: Remediate

Technology: EDR, MTD
Gartner Peer Insights Market: Endpoint Detection and Response Solutions
Our solutions: Kaspersky Endpoint Detection and Response
Customer Reviews (as of Nov. 1, 2020): 84 reviews; 4.9 / 5.0; 100% Would Recommend

This type of feedback from our customers is a genuine honor and spurs us to continue developing cutting-edge solutions. All of us at Kaspersky are enormously grateful to our customers for taking time from their busy schedules to voice their opinions of our solutions and help other peers in their decision-making process — theirs are the opinions we consider the most important. Finally, we want to recognize our various teams, without whose tireless efforts none of this would be possible.

The GARTNER PEER INSIGHTS CUSTOMERS’ CHOICE badge is a trademark and service mark of Gartner, Inc., and/or its affiliates, and is used herein with permission. All rights reserved. Gartner Peer Insights Customers’ Choice constitute the subjective opinions of individual end-user reviews, ratings, and data applied against a documented methodology; they neither represent the views of, nor constitute an endorsement by, Gartner or its affiliates.
