Building A Ransomware Remediation Strategy
You log onto your computer to find that you suddenly can’t get access to your most important files. Or even worse, you may not be able to access your system at all. You know immediately that something is very wrong and your heart sinks even further when you see a message demanding you pay a ransom in order to regain access to your data.
Unfortunately, these types of scenarios are on the rise. According to the Office of the Australian Information Commissioner (OAIC), there has been a recent increase in the risk posed by ransomware attacks to Australian individuals and companies. This is supported by the 2019 McAfee Threats Report, which showed that ransomware attacks increased by over 100 percent in 2019.
The costs associated with ransomware attacks are also trending sharply higher. Cybersecurity Ventures estimates that global costs due to cyber attacks will exceed $20 billion by 2022.
Ransomware Attacks On The Rise
Ransomware can be spread by a variety of means, including phishing emails, spam, and social engineering. It can also be spread via hoax websites or drive-by downloads that infect network endpoints. Unfortunately, the means of attack are constantly evolving, and as the value of personal and company information rises, so do the persistence and innovation of cyber criminals in finding new vectors to illegally gain access to it.
Privacy Commissioner at the Office of the Australian Information Commissioner (OAIC), Angelene Falk, reports that malicious cyber incidents are the leading cause of data breaches involving personal information in Australia. “Malicious actors and criminals have been responsible for three in five data breaches notified to the OAIC over the past six months. This includes ransomware attacks, where a strain of malicious software is used to encrypt data and render it unusable or inaccessible,” Commissioner Falk said.
The number of reported data breaches caused by ransomware nearly tripled over just a six-month period in 2019. It is also now common to see ransomware attacks that export or exfiltrate data from a network before encrypting the data on the target network. This trend has severe implications for how organisations can respond to suspected data breaches, especially when the systems themselves can be completely inaccessible due to the attacks.
Commissioner Falk said that this “highlights the need for organisations to have a clear understanding of how and where personal information is stored on their network, and to consider additional measures such as network segmentation, robust access controls and encryption.”
Advanced ransomware attacks now also include targeting backups, including modifying them or even completely wiping them out. This compromises the last line of defense and increases the likelihood of a ransom needing to be paid out in order to regain access to data files.
How To Act
More than 5 percent of major organisations across the top 10 industry sectors have already been targeted by ransomware attacks. An attack was even made on the World Health Organisation, showing that no company or group is immune from the threat.
So given the elevated risk level, what are the best approaches to take to secure your systems against ransomware attacks and other cyber threats? The following are the key steps that need to be taken:
Isolate - the earlier the infection can be isolated, the more successfully you’ll be able to prevent the infection spreading to other computers or shared drives on your network.
Identify - the particular type of malware you’re dealing with needs to be determined from the nature of the messages received, evidence taken from infected machines, or from identification tools within your cybersecurity software.
Report - for any significant event, you should notify the authorities to report the incident and help develop a coordinated response.
Restore - if your backups haven’t been affected, you need to safely restore your systems. In order to ensure your backups are secure you need to make sure you are using a backup data system that is immutable. This means that once data has been written, it is never again available in read/write mode to external users so that it cannot be read, modified, or deleted.
Prevent - you need to conduct a full investigation of the incident to understand how the infection occurred and what measures need to be put in place to prevent it from happening again.
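The Restore step hinges on knowing whether the backups have been affected. As an added example (not from the original article), the following Python compares a backup directory against a manifest of SHA-256 digests recorded at backup time and sealed with an HMAC; the function names, the sample files and the key are assumptions constructed for illustration.

```python
import hashlib, hmac, json, tempfile
from pathlib import Path

def _digests(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    out = {}
    for p in Path(root).rglob("*"):
        if p.is_file():
            h = hashlib.sha256()
            with p.open("rb") as f:
                for chunk in iter(lambda: f.read(1 << 20), b""):
                    h.update(chunk)
            out[p.relative_to(root).as_posix()] = h.hexdigest()
    return out

def _tag(files, key):
    body = json.dumps(files, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def build_manifest(root, key):
    """At backup time: record a digest per file and seal the list with an HMAC."""
    files = _digests(root)
    return {"files": files, "tag": _tag(files, key)}

def verify_backup(root, manifest, key):
    """Before restore: report files that are modified, missing or unexpected."""
    recorded = manifest["files"]
    if not hmac.compare_digest(_tag(recorded, key), manifest["tag"]):
        raise ValueError("manifest tag mismatch: the manifest itself was altered")
    current = _digests(root)
    return {
        "modified": sorted(r for r in recorded if r in current and current[r] != recorded[r]),
        "missing": sorted(r for r in recorded if r not in current),
        "unexpected": sorted(r for r in current if r not in recorded),
    }

def demo():
    """Constructed sample: a small backup set tampered with after the manifest is taken."""
    key = b"constructed-demo-key"  # assumption: the real key is kept off the backup host
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "db.dump").write_bytes(b"rows")
        (root / "docs" / "plan.txt").write_bytes(b"plan")
        manifest = build_manifest(root, key)
        (root / "db.dump").write_bytes(b"\x00overwritten")   # modified in place
        (root / "docs" / "plan.txt").unlink()                 # wiped
        (root / "NOTE.txt").write_bytes(b"note")              # never backed up
        return verify_backup(root, manifest, key)
```

A restore should proceed only when all three lists are empty; the manifest and its key need to live somewhere the backup host cannot write to, otherwise the check can be rewritten along with the backups.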
Prepping For The Future
Cybersecurity threats are an unfortunate side effect of the digital age and the digital transformation of nearly every sector of the economy. As the volume and value of data go up, so do the potential payouts from ransomware attacks.
The best thing you can do to stay safe is to audit and put in place secure cybersecurity systems with ransomware firmly in mind. If your data protection solution doesn’t fully safeguard your backups in the event of an attack, then you need to move to a new solution that not only prevents ransomware from modifying backup data but also enables rapid restoration and full visibility over infections.
To find out about the latest and most robust data backup solutions available or to learn more about how to secure your valuable data against cyberthreats, talk to the experts at FinXL.