Ransomware Survival Guide: 5 Essential Steps to Take and 5 Costly Mistakes to Avoid
May 22, 2023
In the first half of 2022, there were an estimated 236.1 million ransomware attacks globally. (Griffiths, n.d.)
Ransomware attacks can be devastating to individuals and organizations. These attacks have quickly become the biggest cybersecurity threat, and stories about large-scale extortion attempts against a wide variety of organizations are a daily occurrence. Yet, for every public acknowledgment, there are hundreds of hacks never disclosed, and thousands more attempted.
Understanding your gaps and vulnerabilities and prioritizing areas to fix are just a few ways to help you feel better equipped at cyberattack prevention. Here are some practical suggestions should you find yourself a victim.
5 Steps 'To Do' in a Ransomware Attack:
Contain the spread. Identifying the type of ransomware and blocking it at the security system or network level is crucial. This includes removing infected devices from networks, which will help prevent the ransomware from spreading further.
Determine the scope of the attack and root cause. This helps you establish a prioritized mitigation plan and prevent a second attack from happening. If this capability does not exist internally, bringing in a seasoned forensics firm can do wonders.
Communicate! Report the incident internally to business executives and externally to law enforcement. Law enforcement can help guide you on the recovery path and help prevent future attacks.
Preserve the evidence. This may be needed for further root cause analysis or potential future litigation.
And lastly, restore service in order of criticality from clean backups.
5 Steps 'Not to Do' in a Ransomware Attack:
Panic… easier said than done! Ransomware and cyberattacks make anyone's skin crawl and can set up some seriously stressful situations for all parties involved. Remember, cooler heads prevail and can ensure appropriate steps are taken to mitigate an event.
Pay the ransom. Security experts and law enforcement across the board advise against paying. Recovery (e.g., of stolen data or an encryption key) succeeds in only a low number of cases, and paying motivates cybercriminals to continue.
Handle it on your own. Don't do this by yourself! Use forensic experts, law enforcement, insurance carriers, and the multitude of educated partners out there to help mitigate impact and risk.
Forget about your regulatory reporting requirements. Each industry has different requirements, so this can get tricky. Make sure you are consulting the most up-to-date regulatory reports and seeing where you stand.
Assume your backups are clean. Before restoring, ensure backups are free of malware and not corrupted.
5 Steps 'To Prepare' for a Ransomware Attack:
Mitigate ransomware by having proper cybersecurity hygiene. Scan and patch your environment. Strictly manage user and privilege access. Segment your network. Do the basics, as bad actors will look for the path of least resistance. Most importantly, find a partner to help assess your cyber posture and provide recommendations to improve it.
Review and understand cyber insurance. Cyber insurance can help mitigate 'some' of the costs associated with a ransomware outbreak. However, cybersecurity insurance does not cover intellectual property or trade secrets that may be lost during a ransomware outbreak. Cybersecurity insurance may also not cover regulatory fines associated with PCI, PII, or HIPAA breaches.
Have a forensics team on retainer. You may not need them, but they're always good to have, especially for more sophisticated attacks.
Back up and test your data and systems recovery. Many organizations can provide Disaster Recovery and Business Continuity services for the development of plans, the testing of said plans, and the training of individuals identified within the plan based on their roles and responsibilities. You are not alone!
Create and test an incident response plan. Not only is the creation of an incident response plan critical, but education and testing within your organization are just as important, if not more so. Incident response team members need to be familiar with plans and be able to execute them effectively.