Business Daily Media

Five steps to protect against and recover from ransomware attacks

  • Written by Michael Bovalino, ANZ Country Manager, LogRhythm

Ransomware attacks are on the rise and organisations of all sizes are falling victim. The attacks involve cybercriminals infecting a target’s IT infrastructure, encrypting vital data, and then demanding a ransom payment in exchange for the keys. Right now, they top the list of concerns for IT security teams around the world and are poised to become even worse during 2022.

Industry research1 shows there was a staggering 1318% year-on-year increase in ransomware attacks in the first half of 2021. Interestingly, 94% of the associated malware was delivered by email while 54% of malicious apps impersonated social media platform TikTok.

Very concerningly, the research also found that 77% of organisations do not have a cybersecurity incident response plan, and so clearly there is work to be done. Five key steps that can be taken to ward off ransomware attacks or recover should one occur are:

  1. Preparation:
    The number of ransomware attacks is continuing to climb at an alarming rate. Organisations cannot afford to ignore this trend and must have in place detailed plans covering how they would respond should an attack occur.

    A key part of preparation is the optimisation and protection of data backups. Ensure there are recent copies stored in different locations which can be used quickly should an attack disable core systems.

    Also, your organisation should deploy a least-privileges strategy which ensures each staff member only has access to the resources they require to carry out their role. This means that, should an attacker obtain a staff-member’s credentials, they won’t automatically have access to the organisation’s entire IT infrastructure.

    Other measures to consider include conducting regular user training that alerts them to potential threats, and the purchase of suitable insurance policies.

  2. Detection:
    A key capability needed to avoid the expense and disruption that ransomware can cause is the ability to detect an attack early. This can be achieved by having in place tools that monitor for unusual network activity and alert IT security teams that can then take a closer look. All incoming email should also be automatically scanned to detect malicious links and payloads before being delivered to user inboxes.

    Security teams should also constantly monitor for early signs of encryption. These can include unusual file name changes or large numbers of files being copied or moved to a different location within the infrastructure.

  3. Containment:
    Should a ransomware attack take place it might be possible to contain the fallout to a limited number of systems within your organisation’s infrastructure. By taking steps to ringfence the attack, it can be prevented from escalating further and potentially encrypting other valuable core applications and databases.

    Here, having pre-designed playbooks available is important. These will guide the security team and ensure that all required steps are undertaken. These steps will include the lockdown and quarantine of any infected endpoints and the killing of any unauthorised processes that might be running.

  4. Eradication:
    Once an attack has been detected and contained, the next step is to eradicate the associated malware from all infected systems. Security teams need to undertake this step carefully and thoroughly as any code that remains could allow a cybercriminal to mount a fresh attack in the future.

  5. Recovery:
    The final step involves following your organisation’s disaster recovery plan and getting all systems fully operational once more. To achieve this, all infected servers and endpoints should be wiped and rebuilt.

    Once this has been completed, data can be copied from secure backups to allow normal operation to begin. It’s also important to check that all scheduled data backups are again occurring as these will be the best defence against subsequent attacks.

    If appropriate, law enforcement authorities should be alerted about the attack. Customers and partners should also be informed if it is likely that sensitive data may have been compromised. Finally, all staff should be informed about what has occurred and the steps that have been taken to aid recovery.

The threats posed by ransomware are going to continue to increase in the months and years ahead. By having detailed plans in place that cover protective measures and responses, organisations can be best placed to avoid significant fallout.

1 Source: Trend Micro, IBM, CSO (2021)

Get into the property market: Buy a house with someone else and split the home loan. Find out the pros and cons

Split home loans are on the rise as more Aussies pool their cash to get into the property market to enjoy the wealth creating benefits of home own...

Property

How Successful Businesses Make a Good Impression on Customers

For a business to go from being barely profitable to highly successful, it has to do a number of things right. No business stumbles upon long term...

Business Training

5 Steps for Creating Effective Solutions to UX Problems

One of the most important components of any website or app is the design of the user experience (UX). Even the smallest UX issues need to be ident...

Business Training

Tips for selecting your large house number for visibility

House numbers are a crucial part of any home, both in design and for practical reasons. We have all been there, trying to find a friend’s house or...

Property

What You Need To Know About Filing Taxes

As a business owner in the United States, filing taxes can be a daunting and complicated process. However, with the right knowledge and preparatio...

Business Training

Hire a Removalist: Your Guide To The Right Movers

Hiring removalists for your move is the best way to ensure this stressful experience runs smoothly. With their help and expertise, you can rest as...

Property