Building a Threat-Ready Ransomware Response Plan

Uploaded on 2022-08-10 in TECHNOLOGY--Resilience, FREE TO VIEW

Across the globe, ransomware continues to be one of the top threats facing modern organisations. This evolving high-risk threat uses malicious software to restrict access to an individual’s or company’s vital information, and then demands some form of payment to lift the restriction.

Ransomware attacks are rapidly growing in popularity as more organisations rely on digital infrastructure to run their networks.

In the early days of ransomware, attacks were largely opportunistic, affecting individual users’ or small businesses’ computers. Today, criminals are setting their sights on larger organisations with more frequent attacks. According to Statista, organisations have been hit with a staggering 236.1 million global ransomware attacks in the first half of 2022.

Consequently, this is leading to bigger losses for organisations, with the damage from an attack costing more than ever before. The ramifications of a successful attack are far more extensive than just the cost of the ransom -  lost productivity, loss of business, reputational damage, inconvenience to customers and potentially the permanent loss of data can all result from a ransomware attack.

To overcome the challenges associated with ransomware attacks, organisations need to ensure they have an end-to-end plan in place to get their services up and running in the quickest time possible to avoid large scale disruption.

A Proactive Response

Ransomware attacks are increasing in sophistication and seriousness. Despite this, research from UpCity has revealed that only 50% of small and medium-sized businesses (SMBs) have a cybersecurity plan in place to combat attacks.

Organisations of all sizes need to take proactive action to protect their businesses from the potential of a devastating attack. There are 5 crucial steps they can take to ensure future business continuity and tackle the risk of ransomware.

1.    Preparation

As ransomware grows in sophistication, organisations need to be prepared for the very real risk of falling victim to a targeted attack.

The malware often enters systems through known vulnerabilities, the best step organisations can take to strengthen defences is to aggressively patch their systems. 

At the same time, they need to ensure they are frequently backing up all documents in a secure location that can’t be affected by an attack, whilst educating users on how to recognise signs of a potential attack.  

2.    Detection

In the unfortunate event of an attack, organisations need to ensure they have the measures in place to quickly identify the threat, and therefore minimise the damage to their network.

Rapid threat detection involves having the right security tools, such as Network Detection and Response (NDR) solutions, in place to identify any suspicious activity and bring this to the attention of an organisation’s security operations centre (SOC).  

3.    Containment

Once the ransomware has already infected one device, there are several measures an organisation can take to contain it locally so the attack doesn’t spread to the rest of its network.

The successful containment of a threat involves disabling network connectivity to stop ransomware from encrypting files on the network. To truly contain the threat, organisations need to consider rebuilding their systems.

There can be latent tools the attackers have put in place that you may not catch if you try to clean the system. By rebuilding, organisations have a much better chance of starting fresh and completely remediating the attack.

4.    Eradication

After a ransomware incident has occurred, and it has been contained, the threat needs to be successfully eradicated from the network.

As with any type of malware, it’s difficult to know if residual files are hidden on the system and able to re-infect devices. Due to this, the most effective way to remove the threat is to replace the compromised devices rather than clean the network.

However, for network locations such as mailboxes or file shares, sometimes it is more relevant to clean those locations, remove the malicious email message from the mailbox, or remove the ransomware instructions from the file share.

5.    Recovery

For recovery, the number one task is restoring from backup. Organisations that have comprehensive, verified backups can quickly bounce back from any ransomware event by simply replacing or cleaning infected systems and recovering from backups.

For a complete ransomware investigation, organisations should complete their recovery phase by doing a full investigation into what specific infection source was used against the system, for example whether the threat originated from a phishing email, or a web-based attack kit etc. 

Fighting Future Threats

No organisation is safe from the imminent threat of ransomware, with attacks on an organisation now being a matter of ‘when’ rather than ‘if’.

An organisation’s success in defending against a ransomware attack relies on their level of preparation and the tools used to monitor their systems. With the right measures in place, they can effectively detect, investigate and neutralise the emerging risks to their networks.

Kev Eley is VP of Sales, UK and Europe at LogRhythm

You Might Also Read: 

Negotiating Ransom: To Pay Or Not?:

 

« Update: British NHS Confirms A Damaging Software Attack
Mercenary Cyber Spies For Hire »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Brinqa

Brinqa

Brinqa is a leading provider of unified risk management and security analytics.to manage IT governance and technology risk.

MKD-CIRT

MKD-CIRT

MKD-CIRT is the national Computer Incident Response Team for Macedonia.

Salt Security

Salt Security

Salt Security protects the APIs that are the core of every SaaS, web, mobile, microservices and IoT application.

SensorHound

SensorHound

SensorHound’s mission is to improve the security and reliability of the Internet of Things (IoT).

Phosphorus Cybersecurity

Phosphorus Cybersecurity

Phosphorus has fully automated remediation of the two biggest IoT vulnerabilities, out of date firmware and default credentials.

Blockchain Reactor

Blockchain Reactor

Blockchain Reactor is a blockchain consultancy and implementation company providing cutting-edge blockchain solutions for start-ups and enterprises.

UltraSoC Technologies

UltraSoC Technologies

Marlabs

Marlabs

Marlabs is a Digital Technology Solutions company that helps companies adopt digital transformation using a comprehensive framework including Digital Automation, Enterprise Analytics and Security.

Dynatrace

Dynatrace

Dynatrace provides software intelligence to simplify cloud complexity and accelerate digital transformation.

US Fleet Cyber Command (FLTCYBER)

US Fleet Cyber Command (FLTCYBER)

US Fleet Cyber Command is responsible for Navy information network operations, offensive and defensive cyberspace operations, space operations and signals intelligence.

NetBlocks

NetBlocks

NetBlocks is a global internet monitor working at the intersection of digital rights, cyber-security and internet governance.

GetHacked.ca

GetHacked.ca

GetHackded.ca is a certified company offering penetration testing and specialized cybersecurity services.

TIM Enterprise

TIM Enterprise

TIM Enterprise offers innovative, sustainable and secure 360-degree digital solutions to companies and public administrations.

Reality Defender

Reality Defender

Reality Defender stops deepfakes before they become a problem. Our proprietary deepfake and generative content fingerprinting technology detects video, audio, and image deepfakes.

SECQAI

SECQAI

At SECQAI we create dual-use hardware and software to enable the future of computing.

Hanwha Systems

Hanwha Systems

Hanwha Systems is a global company based in South Korea providing defense electronics and smart ICT solutions.