On our most recent #Cybeers session, we dove into what you should be doing after a ransomware attack. As I mentioned, my inspiration for this came in the form of a call I received from a friend about someone who was hacked and who was asked to pay 30 grand.
Right off the bat, let me tell you—these types of attacks can be scary and will take a toll on your stakeholders and company. They can not only infect but also encrypt your systems, forcing you to pay a ransom to receive the decryption key you need to get your company back on track.
Often, the question people have is if they should pay the ransom to protect their data. The problem with this is that you can’t guarantee that attackers will hand over the decryption key. There’s also no guarantee that your data will be safe and won’t be dumped on the dark web.
While there’s a real possibility that they will dump your data on the dark web, true “professionals” may comply and give you control over your data once the ransom is paid, so that future victims know that their data will be safe once they pay.
Attackers may not only be after money, though. Sometimes, the data they hold hostage may be more valuable than a payout. Depending on the value of this data, attackers may choose to sell.
In this kind of context, we must learn from our mistakes and understand how to prevent and respond to ransomware attacks.
What can we learn from ransomware attacks from the past?
One of the many lessons we can learn from previous ransomware attacks is that there are several ways we can identify security loopholes.
While certain monitoring tools are good enough to identify the outflow of data, most of them require deeper analysis to safeguard your systems.
Penetration testing is helpful, but to think that it can fix all problems and vulnerabilities within your system is a stretch. While having your systems monitored 24x7x365 is all well and good, you also need to commit to addressing these gaps immediately.
Tools that keep your systems safe aren’t enough. While they’re helpful, your remediation efforts and cyber hygiene need to be worked on to safeguard your systems and hardware.
You must also have access to user behaviour analytics and network threat behaviour analytics to detect the presence of anomalies on your network. This will help you understand if you need to step up your security efforts.
Given the use of tactics like smash-and-grab, where attackers come in and steal your data under 11 minutes, you must have the right defences in place to protect your systems against potential threats.
How can you better eliminate the risk of ransomware?
Today, you can use machine learning and AI in your security efforts, although they aren’t a panacea to your cybersecurity woes.
Ransomware enters into your systems mostly through risky employee behaviour. Training dedicated to security awareness, therefore, is one of the best ways to eliminate these types of risk.
You can also consider ethical hacking and set up purple teams to conduct red and blue testing and identify areas that need to be fixed.
In these scenarios, companies shouldn’t pay the ransom to the attacker immediately, because this will encourage additional attacks. You must, however, be wary because this will always depend on the adversary you are up against.
Cyber insurance is also an option, but this may give you a false sense of security, and make you even more vulnerable to attacks. What needs to be remembered is that most often, the issue isn’t the money, but the data.
You can also outsource your IT operations, but you will still need to look into whether employees understand the cybersecurity controls in place, and what their role is in the defence systems that are implemented.
You must also pay attention to how well you are auditing third-party vendors and if your company complies with CPS234, which is regulated by APRA.
Learn from history and defend your company against ransomware attacks
Our advice to prevent ransomware attacks from occurring is simple: train employees to be careful and make sure you have a robust safety net in place. Additional layers of security can help.
Whether you outsource your cybersecurity operations or you handle it yourself, eliminating the risk of ransomware will give you the confidence to do business the way you want.