Responding To Ransomware Attacks

Ransomware cyber attacks are a big business, so big in fact, that research anticipates a business is attacked by a cyber criminal every few seconds and damage costs from these attacks will hit around $20 billion this year. 

These attacks are becoming more frequent, severe, and sophisticated and it organisations caught off guard can experience a “paralysis” that lessens the effectiveness of their response. After the recent string of ransomware attacks, including those on the Washington DC Metro Police force and the Colonial gas pipeline, many organisations are ensuring their backup/recovery infrastructure in place is ready to support a recovery should ransomware enter their operations. 

"The most important thing organisations can do is ensure employees are well positioned to recognise a ransomware attack, know what to do, and act quickly," said Anthony Chadd a security risk expert at Neustar. "There should be a cyber crisis response plan in place that all employees have been trained on.  Think of it like CPR for the network... When employees know what to do and can act quickly, it can buy IT and security administrators enough time to avert a major catastrophe."

The first move for an employee  is to record details of the ransom note, which may contain important information for security teams, before disconnecting their machine from the network entirely.

Hackers are now routinely including backup infrastructure in their attacks, thereby making recovery much more difficult or impossible. Index Engines, a cyber defense company that supports backup products from vendors such as Dell to ensure backup environments are available to provide clean recoveries, would like to offer commentary on these and other attacks. 

“Organisations need to accelerate their data resiliency strategy. Gone are the days were cyber criminals maliciously corrupted random data."Jim McGann, Index Engine's VP of Marketing advises “Bad actors are sabotaging companies’ recovery processes to further extend their downtime and force them to pay these exorbitant ransoms. Both the REvil and Conti ransomware have releases updates where they can now corrupt or shut off the backups."

Backup data is critical when recovering from a ransomware attack. Knowing that it is common for cyber criminals to encrypt and corrupt files, backup is where organisations turn to bring the business backup to pre-attack conditions.  

If organisations do not check the integrity of the data in the backups they will be faced with an unwelcome surprise when using these backups to recover. Many will find these backups corrupted, and the data inside these images encrypted and unusable.

Marsh:        Healthcare IT News:     Index Engine:        Blackfog:        Kennedys:    Image: Unsplash

You Might Also Read: 

Key Trends In Cyber Security:

 

« The Next E-Industrial Revolution
British Law To Protect Online Users »

Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Free Access: Cyber Security Supplier Directory listing 5,000+ specialist service providers.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

FREE eBook: Practical Guide To Optimizing Your Cloud Deployments

FREE eBook: Practical Guide To Optimizing Your Cloud Deployments

AWS Marketplace eBook: Optimizing your cloud deployments to accelerate cloud activities, reduce costs, and improve customer experience.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Serbus Group

Serbus Group

For over a decade, Serbus has provided clients with the most secure mobile communication tools that offer top level security, threat-protection, and compliancy.

Yarix

Yarix

Yarix provide IT security services including Network Vulnerability Assessment, Data Security, Digital Forensics, 24/7 Security Operations Centre

Veristor

Veristor

Veristor are seasoned experts in IT technology, providing a full suite of design, deployment, support, and managed service offerings.

First Point Group (FPG)

First Point Group (FPG)

First Point Group provide a global technological recruitment service worldwide. Within that we have a specialist team of Cyber Security recruiters.

Keeper Security

Keeper Security

Keeper is a leading enterprise password manager and cybersecurity platform for preventing password-related data breaches and cyberthreats.

Sovrin Foundation

Sovrin Foundation

The Sovrin Foundation is a private-sector, international non-profit that was established to govern the world's first self-sovereign identity (SSI) network.

Drip7

Drip7

Drip7 is a micro-learning platform that is re-inventing the way companies train their employees and build lasting cultural change around the importance of cybersecurity.

JFrog

JFrog

JFrog is on a mission to enable continuous updates through Liquid Software, empowering developers to code high-quality applications that securely flow to end-users with zero downtime.