Page 142 - Cyber Defense eMagazine December 2022 Edition

However, one of the most impactful issues facing organizations fell to fourth in the report, despite its
potential to fuel future ransomware attacks: the severity of data breaches.

After the significant disruption of an initial ransomware attack, it is easy for organizations to view
subsequent intrusions as standalone events, each compartmentalized in its circumstances and
highlighting yet another vulnerability that new tools need to solve.

It’s more likely that these ransomware attacks recur because data taken in the initial breach has
become a force multiplier for new intrusions. Without full visibility into what data has been
compromised, organizations may be subject to a feedback loop of new ransomware attacks resulting from
data taken in the initial breach.

At its foundation, the full mitigation of a ransomware attack is still a challenge for organizations. Even
though a percentage of organizations are able to retrieve their stolen data post-attack, that doesn’t mean
the data wasn’t already shared more widely for other follow-on attacks, as the data on multiple attacks may
indicate.

With current endpoint solutions only accounting for the initial infection on a device and not the additional
applications or tools that may have been impacted, a big part of the post-infection remediation is missing
for most organizations to truly be free of exposure.




The post-infection remediation approach



Remediating malware infection usually begins and ends with re-imaging the infected machine, but as
we’ve seen from recaptured data, criminal activity usually lives well beyond the scope of an initial malware
infection.

Post-infection remediation, rather than focusing just on the machine, requires exploring what information
was exposed and then remediating that exposure to its furthest reaches.

A machine’s infection is not fully remediated until the exposure of the user and the user’s impacted
applications is known and accounted for. This means taking the appropriate steps to re-image the
infected machine while concurrently researching the impacts of that infection to prevent new attacks from
materializing.

Factoring post-infection remediation into an enterprise’s cybersecurity plan helps prevent attackers from
re-accessing a network through malware-harvested credentials, stolen session cookies, and other data
exposed from an infostealer infection.

While wiping malware-infected devices is the first step, organizations also need full visibility into the
devices, applications and users that may have been compromised by an infection. Without all that
compromised data being remediated, the enterprise remains at risk for follow-on attacks including
ransomware.






            Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.