Four steps to surviving ransomware

April 2017 Cyber Security, Security Services & Risk Management

According to Symantec’s 2016 Internet Security Threat Report, ransomware attacks increased by 35% in 2015. A survey by Malwarebytes found that nearly 40% of companies suffered a ransomware attack in 2015-16.

Al de Brito, senior technical analyst, ContinuitySA.
Al de Brito, senior technical analyst, ContinuitySA.

Ransomware usually arrives on a device via a sort of phishing attack, and can then spread to other devices on the same network. Either data files or the Master Boot Record are targeted. In the first case, data files are encrypted, in the latter, the device itself will not start up. Each type of attack comes with a demand for a ransom payment before access to the data or device will be restored.

Ransomware has become big business and payments are usually requested in Bitcoin, the cryptocurrency whose major characteristic is its untraceability. Based on our experience with a wide range of clients, the following key steps will help companies avoid falling victim to a ransomware attack and, in the event of one occurring, to be resilient enough to recover quickly.

Develop and implement security policies and procedures

The first step obviously is to spell out formally what the company’s risk profile is, and how all its employees need to behave in order to reduce risk. Some basic inclusions would be to require all users to ensure that they install all software updates, especially those relating to antivirus software, as well as firmware updates for hardware. Another key point here would be to ensure that these policies and procedures fall within the governance framework, and that administrators and security staff work closely together.

A word of warning: the solution is not simply to try and close everything down, but rather to specify safe habits. For example, data sticks will always be used, so rather than try to prohibit them, companies should ensure that scanning and encryption programmes are available and are used.

It is also critical that an ongoing programme for educating staff and enhancing awareness is in place.


Companies must understand which security standards are mandatory for particular industries and build them into their policies and procedures. Care must be taken to remain compliant over time and as regulations change. The other side of assessment is to put mechanisms in place to ascertain whether systems have been breached. Regular penetration and vulnerability testing must be implemented to establish the system’s integrity.

Monitor and investigate

Companies need to keep abreast of developments in ransomware and other security threats. This will provide early warning of new measures that need to be integrated into the security policies and procedures. Many companies use a service provider to handle this because it is highly specialised and requires familiarity with the Dark Web, where hackers operate.

Put a comprehensive response programme in place

In the event that an attack does occur, the company needs to have a well-thought-out set of responses in place to ensure it can recover within the shortest possible time. This will include a crisis communications protocol for dealing with the media and clients. It makes best sense to integrate the response to a ransomware attack into the business continuity plan because that will mean that the data will be backed up and recoverable at the disaster recovery site, and alternative devices and servers will also be available at the work-area recovery site.

However, it is very important to ensure that the disaster and work-area recovery sites are as highly secure – if the production site is compromised, bringing the disaster recovery site up will make it vulnerable.

For more information contact ContinuitySA, +27 (0)11 554 8050,,


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

The evolution of security in residential estates
Residential Estate Security Handbook 2020 , Editor's Choice, Integrated Solutions, Security Services & Risk Management
Two large estates discuss their security processes and the ever-expanding scope of responsibilities they need to fulfil.

Bang for your security buck(s)
Residential Estate Security Handbook 2020, Alwinco , Editor's Choice, Security Services & Risk Management
Hi-Tech Security Solutions asks how estates can maintain a good security posture in the time of the ever-shrinking budget.

Range of grid-independent power systems
Residential Estate Security Handbook 2020, Specialised Battery Systems , Products, Security Services & Risk Management
SBS Solar has a range of solutions to provide power, save on costs and above all provide peace of mind.

Work from home securely
Issue 5 2020 , Cyber Security
First Consulting provides enterprise-level IT security to working-from-home employees at more than 40 South African organisations.

Agility, meticulous alignment and testing
Issue 5 2020 , Cyber Security
Data loss can put the nails in the coffin for unprepared businesses. Investing in cyber resilience is key to succeed in the age of digital transformation.

Cybersecurity comment: Cyber threats remain relentless
Issue 5 2020, CA Southern Africa , Cyber Security
Over 80% of email-based threats in Q1 2020 leverage COVID-19 in some form to feign legitimacy to the end user.

11 essential steps to reinforce cybersecurity
Issue 5 2020 , Cyber Security
Wayne Olsen has compiled a guideline to ensure that businesses and their employees are protected while working remotely.

Resilience is critical for post-COVID business success
Issue 5 2020, ContinuitySA , Security Services & Risk Management
Of the many lessons we have to learn from the current emergency, perhaps the most crucial one is to ensure that business strategy and operations are founded on resilience.

Cybersecurity comment: Securing the real endpoint
Issue 5 2020 , Cyber Security
The corporate perimeter is fast becoming irrelevant, as the so-called security boundary extends to wherever an Internet connection exists.

Don’t squeeze your cyber assets
Issue 5 2020 , Cyber Security
Inadequate investment in cybersecurity is directly related to the spate of cyberattacks we’re seeing in South Africa now.