Ransomware attack – Be ready

11. 01. 22 David Singh


Ransomware attacks are on the rise, and we've seen in our previous post how they happen and the devastating impact they can have on a business. There are several steps an organisation can - and should - take to prepare itself.

Protecting your systems

There is a wealth of information on how you can protect your systems and business from such attacks. One excellent source is the National Cyber Security Centre, where you will find a paper entitled Mitigating Malware and Ransomware Attacks. It is an easy, non-technical read that suggests several actions you can take to protect your systems and business; below is a summary.

Backups and security copies

The most obvious and least costly step is to ensure you take regular backup copies of your data. You no longer have to use physical media. Copies can be taken and stored in a location that is not on your corporate network, for example in the Cloud or using a specialist service where there is a clear separation between your corporate systems and the backup provider.

Ransomware is becoming increasingly sophisticated and can even target locations where backup copies are stored. Make regular checks that backups are readable and can be restored. Take image copies of application servers on which programs are running, as these will also be required if an attack makes a system rebuild necessary.

Prevent malware from being delivered and spreading

As mentioned in our previous post Ransomware attacks - It won't happen to me, will it?, malware usually finds its way into your organisation through Trojans and/or by exploiting vulnerabilities. You can reduce the likelihood of malicious content reaching your devices through a combination of:

  • filtering to only allow file types you would expect to receive
  • blocking websites that are known to be malicious
  • actively inspecting content
  • using signatures to block known malicious code
  • using multi-factor authentication to access the system
  • applying patches to operating systems and all application software as soon as they are made available - these will also contain security updates for any known exploits

These are typically done by network services rather than users' devices. Your IT department will likely be on top of this already, but as users of application software you should check with them regularly to ensure it is patched up to the latest patch set.

Prevent malware from running on devices

Up until relatively recently the best way to defend against malware was to try and keep it out of your network by isolating your systems from the outside world, a “castle and moat” approach.

However, given the need for users to access systems remotely, especially over the past two years, systems are now very much more “accessible” and so the defence strategy has to change to one of “defence in depth”. This assumes that malware will find its way onto your systems and devices, and the focus should be on how to stop it from propagating. The paper from the National Cyber Security Centre referenced above goes into detail on the sorts of measures that can be taken.

Prepare for an incident

Malware attacks, in particular ransomware attacks, can be devastating for organisations because computer systems are no longer available to use, and in some cases, data may never be recovered. If recovery is possible, it can take several weeks, but your corporate reputation and brand reputation could take a lot longer to recover.

The following are some headline suggestions.

  • Identify your critical assets and determine the impact to these if they were affected by a malware attack.
  • Develop an internal and external communication strategy. It is important that the right information reaches the right stakeholders in a timely fashion.
  • Determine how you will respond to the ransom demand and the threat of your organisation's data being published.
  • Ensure that incident management playbooks and supporting resources such as checklists and contact details are available if you do not have access to your computer systems.
  • Identify your legal obligations regarding the reporting of incidents to regulators and understand how to approach this.
  • Exercise your incident management plan. This helps to clarify the roles and responsibilities of staff and third parties, and to prioritise system recovery.


Written by:

David Singh

Touchstone FMS Business Unit Head
