Responding To Ransomware Attacks

Ransomware cyber attacks are big business: so big, in fact, that research anticipates a business is attacked by a cyber criminal every few seconds, and damage costs from these attacks will hit around $20 billion this year.

These attacks are becoming more frequent, severe, and sophisticated, and organisations caught off guard can experience a “paralysis” that lessens the effectiveness of their response. After the recent string of ransomware attacks, including those on the Washington DC Metro Police force and the Colonial gas pipeline, many organisations are ensuring the backup/recovery infrastructure they have in place is ready to support a recovery should ransomware enter their operations.

"The most important thing organisations can do is ensure employees are well positioned to recognise a ransomware attack, know what to do, and act quickly," said Anthony Chadd, a security risk expert at Neustar. "There should be a cyber crisis response plan in place that all employees have been trained on. Think of it like CPR for the network... When employees know what to do and can act quickly, it can buy IT and security administrators enough time to avert a major catastrophe."

The first move for an employee is to record details of the ransom note, which may contain important information for security teams, before disconnecting their machine from the network entirely.

Hackers are now routinely including backup infrastructure in their attacks, thereby making recovery much more difficult or impossible. Index Engines, a cyber defense company that supports backup products from vendors such as Dell to ensure backup environments are available to provide clean recoveries, would like to offer commentary on these and other attacks. 

“Organisations need to accelerate their data resiliency strategy. Gone are the days when cyber criminals maliciously corrupted random data,” Jim McGann, Index Engines' VP of Marketing, advises. “Bad actors are sabotaging companies’ recovery processes to further extend their downtime and force them to pay these exorbitant ransoms. Both the REvil and Conti ransomware have released updates where they can now corrupt or shut off the backups.”

Backup data is critical when recovering from a ransomware attack. Knowing that it is common for cyber criminals to encrypt and corrupt files, backup is where organisations turn to bring the business back up to pre-attack conditions.

If organisations do not check the integrity of the data in the backups, they will be faced with an unwelcome surprise when using these backups to recover. Many will find these backups corrupted, and the data inside these images encrypted and unusable.
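One way to run the integrity check described above, as an added example that is not from the article or from any vendor it names. It assumes a restored backup mounted as a directory and a manifest of SHA-256 hashes recorded when the backup was taken and stored where the backup system cannot alter it; the function names and the 7.5 bits-per-byte entropy cut-off are assumptions, and the sample files are constructed.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

ENTROPY_LIMIT = 7.5  # bits per byte; assumed cut-off, tune for your data

def scan_file(path, chunk=1 << 20):
    """Return (sha256 hex, Shannon entropy in bits/byte), reading in chunks."""
    digest, counts = hashlib.sha256(), Counter()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
            counts.update(block)
    total = sum(counts.values())
    entropy = -sum(c / total * math.log2(c / total) for c in counts.values()) if total else 0.0
    return digest.hexdigest(), entropy

def check_backup(root, manifest):
    """manifest maps relative path -> SHA-256 recorded when the backup was taken."""
    findings = {}
    for rel, expected in manifest.items():
        path = os.path.join(root, rel)
        if not os.path.isfile(path):
            findings[rel] = "missing"
            continue
        actual, entropy = scan_file(path)
        if actual != expected:
            # Entropy only labels files that already failed the hash check,
            # so legitimately compressed files are not flagged on their own.
            findings[rel] = "changed, high entropy" if entropy >= ENTROPY_LIMIT else "changed"
    return findings

def demo():
    """Constructed sample: four small files, then simulated tampering."""
    with tempfile.TemporaryDirectory() as root:
        manifest = {}
        for name in ("ledger.csv", "notes.txt", "staff.txt", "ok.txt"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(name.encode() + b" sample row\n" * 500)
            manifest[name] = scan_file(os.path.join(root, name))[0]
        with open(os.path.join(root, "ledger.csv"), "wb") as fh:
            fh.write(os.urandom(65536))  # stands in for encrypted content
        with open(os.path.join(root, "notes.txt"), "ab") as fh:
            fh.write(b"edited\n")
        os.remove(os.path.join(root, "staff.txt"))
        return check_backup(root, manifest)

if __name__ == "__main__":
    print(demo())
```

A "changed, high entropy" finding on a file that was plain text or a database export at backup time is the pattern to escalate before that backup is used for recovery.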

Sources: Marsh / Healthcare IT News / Index Engine / Blackfog / Kennedys. Image: Unsplash
