Building a Threat-Ready Ransomware Response Plan

Uploaded on 2022-08-10 in TECHNOLOGY--Resilience, FREE TO VIEW

Across the globe, ransomware continues to be one of the top threats facing modern organisations. This evolving high-risk threat uses malicious software to restrict access to an individual’s or company’s vital information, and then demands some form of payment to lift the restriction.

Ransomware attacks are rapidly growing in popularity as more organisations rely on digital infrastructure to run their networks.

In the early days of ransomware, attacks were largely opportunistic, affecting individual users’ or small businesses’ computers. Today, criminals are setting their sights on larger organisations with more frequent attacks. According to Statista, organisations have been hit with a staggering 236.1 million global ransomware attacks in the first half of 2022.

Consequently, this is leading to bigger losses for organisations, with the damage from an attack costing more than ever before. The ramifications of a successful attack are far more extensive than just the cost of the ransom -  lost productivity, loss of business, reputational damage, inconvenience to customers and potentially the permanent loss of data can all result from a ransomware attack.

To overcome the challenges associated with ransomware attacks, organisations need to ensure they have an end-to-end plan in place to get their services up and running in the quickest time possible to avoid large scale disruption.

A Proactive Response

Ransomware attacks are increasing in sophistication and seriousness. Despite this, research from UpCity has revealed that only 50% of small and medium-sized businesses (SMBs) have a cybersecurity plan in place to combat attacks.

Organisations of all sizes need to take proactive action to protect their businesses from the potential of a devastating attack. There are 5 crucial steps they can take to ensure future business continuity and tackle the risk of ransomware.

1.    Preparation

As ransomware grows in sophistication, organisations need to be prepared for the very real risk of falling victim to a targeted attack.

The malware often enters systems through known vulnerabilities, the best step organisations can take to strengthen defences is to aggressively patch their systems. 

At the same time, they need to ensure they are frequently backing up all documents in a secure location that can’t be affected by an attack, whilst educating users on how to recognise signs of a potential attack.  

2.    Detection

In the unfortunate event of an attack, organisations need to ensure they have the measures in place to quickly identify the threat, and therefore minimise the damage to their network.

Rapid threat detection involves having the right security tools, such as Network Detection and Response (NDR) solutions, in place to identify any suspicious activity and bring this to the attention of an organisation’s security operations centre (SOC).  

3.    Containment

Once the ransomware has already infected one device, there are several measures an organisation can take to contain it locally so the attack doesn’t spread to the rest of its network.

The successful containment of a threat involves disabling network connectivity to stop ransomware from encrypting files on the network. To truly contain the threat, organisations need to consider rebuilding their systems.

There can be latent tools the attackers have put in place that you may not catch if you try to clean the system. By rebuilding, organisations have a much better chance of starting fresh and completely remediating the attack.

4.    Eradication

After a ransomware incident has occurred, and it has been contained, the threat needs to be successfully eradicated from the network.

As with any type of malware, it’s difficult to know if residual files are hidden on the system and able to re-infect devices. Due to this, the most effective way to remove the threat is to replace the compromised devices rather than clean the network.

However, for network locations such as mailboxes or file shares, sometimes it is more relevant to clean those locations, remove the malicious email message from the mailbox, or remove the ransomware instructions from the file share.

5.    Recovery

For recovery, the number one task is restoring from backup. Organisations that have comprehensive, verified backups can quickly bounce back from any ransomware event by simply replacing or cleaning infected systems and recovering from backups.

For a complete ransomware investigation, organisations should complete their recovery phase by doing a full investigation into what specific infection source was used against the system, for example whether the threat originated from a phishing email, or a web-based attack kit etc. 

Fighting Future Threats

No organisation is safe from the imminent threat of ransomware, with attacks on an organisation now being a matter of ‘when’ rather than ‘if’.

An organisation’s success in defending against a ransomware attack relies on their level of preparation and the tools used to monitor their systems. With the right measures in place, they can effectively detect, investigate and neutralise the emerging risks to their networks.

Kev Eley is VP of Sales, UK and Europe at LogRhythm

You Might Also Read: 

Negotiating Ransom: To Pay Or Not?:

 

« Update: British NHS Confirms A Damaging Software Attack
Mercenary Cyber Spies For Hire »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Messageware

Messageware

Messageware is the market leader in securing, enhancing, and customizing Microsoft Exchange and Outlook Web App.

Zadara Storage

Zadara Storage

Zadara provide complete data backup and protection delivered as a fully-managed service.

Optimum Insurance

Optimum Insurance

Optimum's Cyber Risk & Data Protection Insurance policies are designed to protect against cyber exposures that arise when a company’s data and customer information is breached or stolen.

Adeptis Group

Adeptis Group

Adeptis are experts in cyber security recruitment, providing bespoke staffing solutions to safeguard your organisation against ever-changing cyber threats.

KOVRR

KOVRR

Kovrr financially quantifies cyber risk on demand. Our technology enables decision makers to seamlessly drive actionable cyber risk management decisions.

MicroEJ

MicroEJ

MicroEJ is a software vendor of cost-driven solutions for embedded and IoT devices.

Ordr

Ordr

Ordr Systems Control Engine. The first actionable AI-based systems control engine for the hyper-connected enterprise. You’re in control.

Zerodium

Zerodium

Zerodium is the leading exploit acquisition platform for premium zero-days and advanced cybersecurity research.

Network Center Inc (NCI)

Network Center Inc (NCI)

NCI is one of the largest IT solution providers in the Midwest. We specialize in industry specific technology solutions, service, support, and expertise for small to enterprise businesses.

Uptycs

Uptycs

Uptycs combines the open source universal agent, osquery, with a scalable security analytics platform for fleet visibility, intrusion detection, vulnerability monitoring and compliance.

PreCog Security

PreCog Security

PreCog Security is a US based cybersecurity risk mitigation company. We specialize in helping you find, minimize and manage vulnerability risk within your product, network and process.

Anametric

Anametric

Anametric is developing new technologies and devices for chip scale quantum photonics, with a focus on cybersecurity.

Upstack

Upstack

UPSTACK - One partner, end-to-end expertise, helping develop the solutions you need – when you need them.

Datos Insights

Datos Insights

Datos Insights is a leading global provider of insights, data, and advisory services to the financial services, insurance, and retail technology industries.

True Corporation

True Corporation

True Corporation is Thailand’s leading Telecom-Tech company, empowering people and businesses with connected solutions that advance society sustainably.

Zynap

Zynap

Zynap is an Advanced AI-powered SaaS platform replicating cybercriminal tactics to predict, detect, and neutralize threats before they strike.