Responding To Ransomware Attacks

Uploaded on 2021-05-17 in TECHNOLOGY--Resilience, FREE TO VIEW

Ransomware cyber attacks are a big business, so big in fact, that research anticipates a business is attacked by a cyber criminal every few seconds and damage costs from these attacks will hit around $20 billion this year. 

These attacks are becoming more frequent, severe, and sophisticated and it organisations caught off guard can experience a “paralysis” that lessens the effectiveness of their response. After the recent string of ransomware attacks, including those on the Washington DC Metro Police force and the Colonial gas pipeline, many organisations are ensuring their backup/recovery infrastructure in place is ready to support a recovery should ransomware enter their operations. 

"The most important thing organisations can do is ensure employees are well positioned to recognise a ransomware attack, know what to do, and act quickly," said Anthony Chadd a security risk expert at Neustar. "There should be a cyber crisis response plan in place that all employees have been trained on.  Think of it like CPR for the network... When employees know what to do and can act quickly, it can buy IT and security administrators enough time to avert a major catastrophe."

The first move for an employee  is to record details of the ransom note, which may contain important information for security teams, before disconnecting their machine from the network entirely.

Hackers are now routinely including backup infrastructure in their attacks, thereby making recovery much more difficult or impossible. Index Engines, a cyber defense company that supports backup products from vendors such as Dell to ensure backup environments are available to provide clean recoveries, would like to offer commentary on these and other attacks. 

“Organisations need to accelerate their data resiliency strategy. Gone are the days were cyber criminals maliciously corrupted random data."Jim McGann, Index Engine's VP of Marketing advises “Bad actors are sabotaging companies’ recovery processes to further extend their downtime and force them to pay these exorbitant ransoms. Both the REvil and Conti ransomware have releases updates where they can now corrupt or shut off the backups."

Backup data is critical when recovering from a ransomware attack. Knowing that it is common for cyber criminals to encrypt and corrupt files, backup is where organisations turn to bring the business backup to pre-attack conditions.  

If organisations do not check the integrity of the data in the backups they will be faced with an unwelcome surprise when using these backups to recover. Many will find these backups corrupted, and the data inside these images encrypted and unusable.

Marsh:        Healthcare IT News:     Index Engine:        Blackfog:        Kennedys:    Image: Unsplash

You Might Also Read: 

Key Trends In Cyber Security:

 

« The Next E-Industrial Revolution
British Law To Protect Online Users »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Cyber Security Experts Association of Nigeria (CSEAN)

Cyber Security Experts Association of Nigeria (CSEAN)

Cyber Security Experts Association of Nigeria (CSEAN) is a not for profit group of professionals in the field of Information Security in Nigeria and Diaspora.

Attivo Networks

Attivo Networks

Attivo Networks is an award winning provider of deception for in-network threat detection, attack forensic analysis, and continuous threat response.

Advisen

Advisen

Advisen is the leading provider of data, media, and technology solutions for the commercial property and casualty insurance market including cyber risk.

Software Engineering Institute (SEI)

Software Engineering Institute (SEI)

At the CERT Division of SEI we study and solve cybersecurity problems, research security vulnerabilities in software, and develop information and training to help improve cybersecurity.

Irdeto

Irdeto

Irdeto is the world leader in digital platform security, protecting platforms and applications for media & entertainment, gaming, connected transport and IoT connected industries.

AVeS Cyber Security

AVeS Cyber Security

AVeS combines expert knowledge and services with leading technology products to provide comprehensive Information Security and Advanced IT Infrastructure solutions.

United Biometrics

United Biometrics

United Biometrics is an anonymous and real-time authentication platform designed to stop the fraud for mobile payments, e-Commerce and applications.

Transpere

Transpere

Transpere provides IT Asset Disposition (ITAD), Data Destruction, Electronic Recycling and Onsite Data Services.

Take Five

Take Five

Take Five is a national campaign offering straight-forward, impartial advice that helps prevent email, phone-based and online fraud – particularly where criminals impersonate trusted organisations.

Yoti

Yoti

Yoti offer a suite of business solutions that span identity verification, age estimation, e-signing and AI anti-spoofing technologies.

CICRA Consultancies

CICRA Consultancies

Cicra Consultancies is a company that specializes in cyber security. Our major activities are guided by three main principles: Prevent, Investigate, Prosecute.

GuardYoo

GuardYoo

GuardYoo's SaaS platform allows cybersecurity professionals to perform Compromise Assessment remotely from anywhere in the world.

UK Cyber Cluster Collaboration (UKC3)

UK Cyber Cluster Collaboration (UKC3)

UKC3 has been launched to support Cyber Clusters and encourage greater collaboration across regions and nations of the UK.

Plerion

Plerion

Plerion is an all-in-one Cloud Security Platform that supports workloads across AWS, Azure, and GCP delivering cloud security posture management, workload security, data security and more.

Delta Partners

Delta Partners

Delta Partners is a venture capital firm investing in Ireland and the United Kingdom with a strong focus on early stage technology companies.

ZoobeTek

ZoobeTek

ZoobeTek are a company focused on preventing leaks related to the security of business information3.