Building a Threat-Ready Ransomware Response Plan

Uploaded on 2022-08-10 in TECHNOLOGY--Resilience, FREE TO VIEW

Across the globe, ransomware continues to be one of the top threats facing modern organisations. This evolving high-risk threat uses malicious software to restrict access to an individual’s or company’s vital information, and then demands some form of payment to lift the restriction.

Ransomware attacks are rapidly growing in popularity as more organisations rely on digital infrastructure to run their networks.

In the early days of ransomware, attacks were largely opportunistic, affecting individual users’ or small businesses’ computers. Today, criminals are setting their sights on larger organisations with more frequent attacks. According to Statista, organisations have been hit with a staggering 236.1 million global ransomware attacks in the first half of 2022.

Consequently, this is leading to bigger losses for organisations, with the damage from an attack costing more than ever before. The ramifications of a successful attack are far more extensive than just the cost of the ransom -  lost productivity, loss of business, reputational damage, inconvenience to customers and potentially the permanent loss of data can all result from a ransomware attack.

To overcome the challenges associated with ransomware attacks, organisations need to ensure they have an end-to-end plan in place to get their services up and running in the quickest time possible to avoid large scale disruption.

A Proactive Response

Ransomware attacks are increasing in sophistication and seriousness. Despite this, research from UpCity has revealed that only 50% of small and medium-sized businesses (SMBs) have a cybersecurity plan in place to combat attacks.

Organisations of all sizes need to take proactive action to protect their businesses from the potential of a devastating attack. There are 5 crucial steps they can take to ensure future business continuity and tackle the risk of ransomware.

1.    Preparation

As ransomware grows in sophistication, organisations need to be prepared for the very real risk of falling victim to a targeted attack.

The malware often enters systems through known vulnerabilities, the best step organisations can take to strengthen defences is to aggressively patch their systems. 

At the same time, they need to ensure they are frequently backing up all documents in a secure location that can’t be affected by an attack, whilst educating users on how to recognise signs of a potential attack.  

2.    Detection

In the unfortunate event of an attack, organisations need to ensure they have the measures in place to quickly identify the threat, and therefore minimise the damage to their network.

Rapid threat detection involves having the right security tools, such as Network Detection and Response (NDR) solutions, in place to identify any suspicious activity and bring this to the attention of an organisation’s security operations centre (SOC).  

3.    Containment

Once the ransomware has already infected one device, there are several measures an organisation can take to contain it locally so the attack doesn’t spread to the rest of its network.

The successful containment of a threat involves disabling network connectivity to stop ransomware from encrypting files on the network. To truly contain the threat, organisations need to consider rebuilding their systems.

There can be latent tools the attackers have put in place that you may not catch if you try to clean the system. By rebuilding, organisations have a much better chance of starting fresh and completely remediating the attack.

4.    Eradication

After a ransomware incident has occurred, and it has been contained, the threat needs to be successfully eradicated from the network.

As with any type of malware, it’s difficult to know if residual files are hidden on the system and able to re-infect devices. Due to this, the most effective way to remove the threat is to replace the compromised devices rather than clean the network.

However, for network locations such as mailboxes or file shares, sometimes it is more relevant to clean those locations, remove the malicious email message from the mailbox, or remove the ransomware instructions from the file share.

5.    Recovery

For recovery, the number one task is restoring from backup. Organisations that have comprehensive, verified backups can quickly bounce back from any ransomware event by simply replacing or cleaning infected systems and recovering from backups.

For a complete ransomware investigation, organisations should complete their recovery phase by doing a full investigation into what specific infection source was used against the system, for example whether the threat originated from a phishing email, or a web-based attack kit etc. 

Fighting Future Threats

No organisation is safe from the imminent threat of ransomware, with attacks on an organisation now being a matter of ‘when’ rather than ‘if’.

An organisation’s success in defending against a ransomware attack relies on their level of preparation and the tools used to monitor their systems. With the right measures in place, they can effectively detect, investigate and neutralise the emerging risks to their networks.

Kev Eley is VP of Sales, UK and Europe at LogRhythm

You Might Also Read: 

Negotiating Ransom: To Pay Or Not?:

 

« Update: British NHS Confirms A Damaging Software Attack
Mercenary Cyber Spies For Hire »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Qualitest Group

Qualitest Group

Qualitest is the world’s largest pure play Quality Assurance and software testing company.

Advantech

Advantech

Advantech is a leader in providing trusted innovative embedded and automation products and solutions. Activities include IoT security.

European Organisation for Security (EOS)

European Organisation for Security (EOS)

EOS represents all domains of security solutions and services.providers including ICT information and communications technologies.

Entreda

Entreda

Entreda offers a unified platform to automate cybersecurity and compliance policy enforcement for your devices, users, networks, applications.

ThreatQuotient

ThreatQuotient

ThreatQuotient delivers an open and extensible threat intelligence platform to provide defenders the context, customization and collaboration needed for increased security effectiveness.

TrainACE

TrainACE

TrainACE, is a professional computer training school offering courses in information technology with a focus on Advanced Security training.

Very Good Security (VGS)

Very Good Security (VGS)

VGS is the modern approach to data security. Our SaaS solution gives you all the benefits of interacting with sensitive and regulated data without the liability of securing it.

Danish Maritime Cybersecurity Unit

Danish Maritime Cybersecurity Unit

The Danish Maritime Cybersecurity Unit is tasked with delivering the initiatives set out in the Cyber and Information Security Strategy for the Maritime Sector.

Fend

Fend

Fend secures smart infrastructure. We provide a robust, highly secure way to have situational awareness of IoT enabled assets.

Terralogic

Terralogic

Terralogic is a software and IT services company, an expert in IoT, Cloud, DevOps, App development and Cybersecurity.

Force Majeure

Force Majeure

Force Majeure specializes in cybersecurity, incident response, and digital forensics, with experience spanning more than a decade.

Securosys

Securosys

Securosys is a technology company dedicated to securing data and communications. We develop, produce, and distribute hardware, software and services that protect and verify data and their transmission

CerraCap Ventures

CerraCap Ventures

CerraCap Ventures invest globally into early-stage B2B companies in Healthcare, Enterprise AI and Cyber Security.

Acora

Acora

Acora provide a range of best-in-class managed services, Microsoft-centric business software, and cloud solutions designed to help mid-market organisations succeed in the digital economy.

Pointsharp

Pointsharp

Pointsharp delivers software and services that help organizations secure data, identities, and access in a user-friendly way.

Flawnter

Flawnter

Flawnter is a security testing software that finds hidden security and quality flaws in your applications.