"Ransomware attackers don't take holidays"

Doosan Digital Innovation (CEO, Justin Park), together with its global XDR (eXtended Detection and Response) security partner Cybereason, has presented security countermeasures for companies ahead of the Lunar New Year holiday.

On the 19th, Cybereason announced the results of "Organizations at Risk: Ransomware Attackers Don't Take Holidays," a survey of 1,203 global security professionals and companies that experienced ransomware attacks on holidays or weekends last year.

According to the report, the risks faced by organizations due to ransomware attacks occurring on holidays and weekends are increasing, and the time to assess and resolve attacks during these periods is taking longer each year. The reason for this is that 44% of companies reduce their security personnel by up to 70% on holidays and weekends compared to weekdays, while 20% of companies reduce it by up to 90%.

Attacks carried out during holidays and weekends were also found to cause greater financial losses than attacks on weekdays. One-third of respondents said they suffered more revenue losses due to ransomware attacks on holidays and weekends, an increase of about 13% compared to the previous year. Losses surged particularly in the education (43%) and transportation (48%) sectors.

Cyber attacks are not only causing financial losses but also disrupting the personal lives of security personnel. In fact, 88% of respondents said they couldn't rest on holidays and weekends due to ransomware attacks, and over 90% of respondents in the financial services industry said they missed time they could have spent with their families.

In light of this, Cybereason and Doosan Digital Innovation have presented five corporate security countermeasures ahead of the upcoming Lunar New Year holiday.

1. Prevent ransomware with EDR 
Use Endpoint Detection & Response (EDR) to prevent ransomware and avert disasters caused by it. 

EDR is a solution that enables immediate detection and response when specific behaviors or anomalies are observed. In cases where monitoring and response are difficult, MDR (Managed Detection & Response) can be used to allow expert groups to judge and respond to detected attacks. 

2. Build a secure environment
 Implement security awareness programs for employees and ensure regular updates and patches are applied to operating systems and other software to create a thoroughly secure environment. 

3. Establish emergency contact networks with key personnel
 Create a situation where key personnel can be contacted at any time, enabling swift responses and measures even during holidays and weekends. 

4. Check if isolation processes are in place when threats are detected
 Verify that there are definite isolation processes to prevent additional network intrusions or ransomware expansion to other devices. Tasks such as disconnecting hosts, locking compromised accounts, and blocking malicious domains should be performed. It is recommended to test these procedures at least quarterly. 

5. Verify important account lockdowns
 Check the lockdown status of important accounts. This is because attackers often use the path of elevating privileges to the administrative domain level and then deploying ransomware when propagating it through the network.

Meanwhile, Doosan Digital Innovation has formed a strategic partnership with Cybereason and has been providing integrated security solutions including △Endpoint Detection and Response (EDR) △Managed Detection and Response (MDR) △Next-Generation Antivirus (NGAV) △Ransomware and Fileless Malware Prevention to customers in Korea and the Asia-Pacific region.