While joint efforts against ransomware continue to put pressure on the gangs behind these operations, successful attacks still make international media headlines. Ransomware gangs do not only target large companies and organizations: municipalities and smaller companies that may not have the means to defend themselves are targeted as well.
If your business is affected by a ransomware attack or you intend to prepare for it at some point, here are five things you can do now to minimize the impact such an incident could have:
Many companies affected by ransomware find that their backups are in poor shape or that key data is missing. This was mentioned in the Colonial Pipeline attack, where criminals were paid early for fear of delays in restoring data from backups. The irony was that after paying, the company discovered that the decryption tool provided to recover the files was so slow that the systems were restored from backups anyway, so it's still unclear to what extent they needed to pay for the decryptor.
While it is convenient to back up to the cloud, restoring from it can be a very slow process, especially with large volumes of data. If what you need to restore from backup is a list of contacts, that's fine. But if you have to restore disk images across your entire enterprise, it can be painfully slow.
Also, the cloud providers themselves have security issues and can be impacted, which could expose your backups to fraudsters, so make sure your security is set up right. For the most sensitive data, some organizations never touch the cloud, simply to protect their information from attack. For backup copies of this type of information, the backup media are often not connected to any network, but are instead separated into isolated networks and physically stored safely.
It can be overwhelming to run an organization-wide disaster recovery drill (although if you've done it, congratulations!). But it may be more feasible to randomly pick a specific part of the organization chart and run a mock disaster recovery. When you do this, you will most likely identify things that you should change. These findings are very positive, as there is nothing better than detecting these improvement needs without the pressure of a real attack.
Furthermore, these findings are great news for senior executives once they understand that the organization is learning by doing and will be better prepared as a result. Until a restore is actually performed from a backup, you do not know whether the backup was successful. You can avoid this uncertainty by performing regular restore tests, ideally on a different computer so you can verify that your valuable business data is still there. Remember that the best time to test a backup is before you need it in an emergency.
For example, will you hire a negotiator, or do you have a team trained to talk with the attackers and respond to their demands? Decisions like this are hard to get right while an attack is active, so preparing for this possible scenario will help a lot.