How to Deal With Ransomware Attacks


There were over 340 million ransomware attacks in 2020 alone. With a jump of over 60% from the previous year, ransomware is one of the most dangerous cybersecurity threats facing organizations today. Even though ransomware is a serious threat, many businesses are still not prepared to protect their networks from attacks or to respond to the disruptions ransomware causes.

A ransomware attack can destroy an organization’s reputation and can also be expensive, both in terms of paying the ransom and restoring and securing the network following the incident.  Businesses must be prepared to deal with the possibility of a ransomware attack hitting their organization and do everything possible to prevent it from happening.

Here are four questions you should ask yourself about your current incident management plan.

1. How would an incident be detected?

Ransomware attacks have been so successful in part because attackers can lurk within networks for a long time without being detected. Organizations therefore need to know what their IT infrastructure looks like. They need to know what monitoring they have in place on their network—especially for critical assets—and how they can detect when something is potentially suspicious. How will this suspicious activity be reported and investigated?

Companies can counter dangerous ransomware attacks by spotting potentially suspicious activity on their network before an intruder has had the chance to fully infiltrate and do damage.

2. How can we minimize the damage that an attacker can cause to our network?

An essential goal of a ransomware attack is to encrypt as much data as possible.  Organizations should, therefore, analyze steps they can undertake to slow down or stop ransomware from spreading.

One strategy is to segment networks so that malicious intruders have a more difficult time moving across them. This will prevent the whole network from being compromised if one device is compromised.

Additionally, organizations should make multi-factor authentication a priority on their network to strengthen security. This additional layer of defense is quite effective in making intruders’ access to your data and applications much more difficult.

3. How do we ensure that our incident management plan is effective?

With the growth in ransomware attacks in recent years, businesses should plan for “when” not “if” one could strike.

In your incident management plan, you should have identified the key people who should be contacted about the threat, established a clear chain of command and responsibilities, put in place a way for those people to meet about the situation (such as a conference call number), and laid out a contingency plan for critical processes.

4. How do we recover stolen data in the event of an attack?

Gone are the days of simply holding data for ransom. Now attackers are threatening to leak sensitive information if the ransom is not paid.

Besides having a sound data backup and recovery solution in place, a strategy also needs to be developed for what will happen if data is stolen. What will a recovery process look like after stolen information appears online?

Your Cybersecurity Strategy

By answering and addressing questions like the above, an organization can start the process of becoming more resilient against ransomware and other cyber attacks. Cybersecurity is a complex problem that is ideally addressed with the help of experts. When problems are complex, the tendency is to put off dealing with them. This is a problem you can’t afford to put off. If you are looking for guidance and solutions in this area, one of our consultants would be happy to talk to you. Why not reach out today?