ransomware (1)

Reimagining Ransomware Responses

Planning, Protecting and Not Paying

Your company is aware of the many attempts that hackers make every day to infiltrate organizations, steal data, and demand ransoms. Hacking methods seem to propagate rapidly, but ransomware has been making the headlines regularly in the past two years.

Ransomware, a form of malware, accounted for about ten percent of the breaches collated in the Verizon Data Breach Investigations Report. Payments made due to ransomware also increased in frequency and in amounts paid from 2019 to 2020. Based on quarterly reports, they are on track to increased dramatically in 2021.

While it’s massive ransoms that commonly make the headlines (like recent examples of the Colonial Pipeline or Kaseya attacks), smaller organizations aren’t out of harms way. Last year, over half of the noted ransomware attacks targeted companies with under 100 employees. Research (and recent news) has shown that smaller companies are not free from concern, nor are any industries. Hackers want all sorts of professional and personal data, and they are aware that smaller companies might be more vulnerable.

Ransomware attacks can have a devastating impact on companies, from the interruption of services to the injury to reputation. How can we collectively reimagine how we prepare for and respond to ransomware attacks? What’s more effective than just ‘paying up’?

As ransomware attacks continue to proliferate, organizations must take steps to build active defenses. No matter the size of your enterprise, readying your network for a practically inevitable attack is necessary. Here are some tips on how to prepare your defensive strategies, what to do if you are under attack, and how to approach negotiations and data recovery.

Act Now, Before It’s Too Late

1. Plan to get attacked. As ransomware explodes into a lucrative criminal endeavor, and cryptocurrencies continue to make payments easily anonymous, attacks will become more dangerous and more frequent. Assuming that your company will be targeted at some point ensures that you can take preventative steps.

2. Establish backup and disaster recovery strategies. While you can’t predict exactly what kind of ransomware you might get hit with, it’s reasonable to assume that your attacker will actively try to sabotage your backup systems. Having separate, redundant mechanisms for backups will make it much more difficult for hackers. Make sure to test your strategies. It can be time-consuming, but worth it to know that you can safely recover your systems instead of reinventing them from the ground up post-attack.

3. Secure your passwords. Password hygiene is a truly crucial step in preventing ransomware attacks. While email-based phishing schemes are an oft-maligned source of ransomware, password spraying attacks were the most common attack vector. The Colonial Pipeline attack was the result of a single compromised password. It’s clear that organization needs to defend against password reuse and prevent compromised passwords from being used. The most efficient way to approach this is through a credential screening service.

As the threat of ransomware continues to increase, enterprises should take steps to improve cyber hygiene to limit the success of these attacks. That will prove to be a much more effective strategy than caving to the demands and paying up.

But If It Happens…

The safest thing to do may be the most intuitive. Shut down your network until you can assess the damage and ensure the malware isn’t still spreading. Practically speaking, this will vary greatly. It could involve shutting off all Windows shares, pushing out Firewall rules to block the traffic between systems, or even physically shutting off power to the network infrastructure.

If this seems like an overreaction, it’s important to remember that even if the system only seems partially affected, the ransomware could still be running and making things worse behind the scenes. Don’t shy away from reacting quickly and heavily to avoid more extreme situations.

Consider Keeping Your Wallet in Your Pocket

You’ve been compromised and attackers are demanding a ransom to restore your data and network. The instinct to pay up is understandable, but we must approach the issue critically as well. There is simply no guarantee that the attackers will decrypt your data after the ransom has been paid. 

Upon payment, even if they do decrypt the data, you’re still vulnerable to whatever malware might have been left behind for future infection.

Paying a ransom is tempting, yet often a bad idea. If you don’t pay, you might lose access to your system for an unknown length of time. If you do pay, it perpetuates the idea that ransomware is a lucrative activity for criminals.

The conclusion? Shore up your defenses sooner rather than later!