Business Daily Media

The Times Real Estate

.

Five steps to protect against and recover from ransomware attacks

  • Written by Michael Bovalino, ANZ Country Manager, LogRhythm

Ransomware attacks are on the rise and organisations of all sizes are falling victim. The attacks involve cybercriminals infecting a target’s IT infrastructure, encrypting vital data, and then demanding a ransom payment in exchange for the keys. Right now, they top the list of concerns for IT security teams around the world and are poised to become even worse during 2022.

Industry research1 shows there was a staggering 1318% year-on-year increase in ransomware attacks in the first half of 2021. Interestingly, 94% of the associated malware was delivered by email while 54% of malicious apps impersonated social media platform TikTok.

Very concerningly, the research also found that 77% of organisations do not have a cybersecurity incident response plan, and so clearly there is work to be done. Five key steps that can be taken to ward off ransomware attacks or recover should one occur are:

  1. Preparation:
    The number of ransomware attacks is continuing to climb at an alarming rate. Organisations cannot afford to ignore this trend and must have in place detailed plans covering how they would respond should an attack occur.

    A key part of preparation is the optimisation and protection of data backups. Ensure there are recent copies stored in different locations which can be used quickly should an attack disable core systems.

    Also, your organisation should deploy a least-privileges strategy which ensures each staff member only has access to the resources they require to carry out their role. This means that, should an attacker obtain a staff-member’s credentials, they won’t automatically have access to the organisation’s entire IT infrastructure.

    Other measures to consider include conducting regular user training that alerts them to potential threats, and the purchase of suitable insurance policies.

  2. Detection:
    A key capability needed to avoid the expense and disruption that ransomware can cause is the ability to detect an attack early. This can be achieved by having in place tools that monitor for unusual network activity and alert IT security teams that can then take a closer look. All incoming email should also be automatically scanned to detect malicious links and payloads before being delivered to user inboxes.

    Security teams should also constantly monitor for early signs of encryption. These can include unusual file name changes or large numbers of files being copied or moved to a different location within the infrastructure.

  3. Containment:
    Should a ransomware attack take place it might be possible to contain the fallout to a limited number of systems within your organisation’s infrastructure. By taking steps to ringfence the attack, it can be prevented from escalating further and potentially encrypting other valuable core applications and databases.

    Here, having pre-designed playbooks available is important. These will guide the security team and ensure that all required steps are undertaken. These steps will include the lockdown and quarantine of any infected endpoints and the killing of any unauthorised processes that might be running.

  4. Eradication:
    Once an attack has been detected and contained, the next step is to eradicate the associated malware from all infected systems. Security teams need to undertake this step carefully and thoroughly as any code that remains could allow a cybercriminal to mount a fresh attack in the future.

  5. Recovery:
    The final step involves following your organisation’s disaster recovery plan and getting all systems fully operational once more. To achieve this, all infected servers and endpoints should be wiped and rebuilt.

    Once this has been completed, data can be copied from secure backups to allow normal operation to begin. It’s also important to check that all scheduled data backups are again occurring as these will be the best defence against subsequent attacks.

    If appropriate, law enforcement authorities should be alerted about the attack. Customers and partners should also be informed if it is likely that sensitive data may have been compromised. Finally, all staff should be informed about what has occurred and the steps that have been taken to aid recovery.

The threats posed by ransomware are going to continue to increase in the months and years ahead. By having detailed plans in place that cover protective measures and responses, organisations can be best placed to avoid significant fallout.

1 Source: Trend Micro, IBM, CSO (2021)

Five signs that AI is growing faster than the internet did

What do Aussie businesses need to do to keep up? There has been mounting chatter that AI is growing even faster than the rapid acceleration we sa...

Protecting Your Small Business from Cyber Threats This Holiday Season

The holiday season brings a surge of online activity for small and medium businesses (SMBs), with increased sales and customer inquiries offering ...

Essential SEO Strategies: Boosting Your Real Estate Business

In recent years, it is said that more and more people are searching for properties online than those who visit real estate companies in person. For ...

Every Business Needs to Apply a Concrete Strategy

Do you want your website to rank higher in the top results of the Google search engine? Then hire the excellent SEO Services in Australia for your n...

Navigating Cyber Fraud After a Natural Disaster

As Australia enters another long, hot and potentially destructive summer, businesses and residents are preparing for the natural disasters synonym...

8seats messaging startup aims to transform business communication

The new platform brings an innovative approach to unite office-based and desk-less teams 8seats, a next-generation messaging platform for busine...

Sell by LayBy