Four steps to surviving ransomware

April 2017 Cyber Security, Security Services & Risk Management

According to Symantec’s 2016 Internet Security Threat Report, ransomware attacks increased by 35% in 2015. A survey by Malwarebytes found that nearly 40% of companies suffered a ransomware attack in 2015-16.

Al de Brito, senior technical analyst, ContinuitySA.
Al de Brito, senior technical analyst, ContinuitySA.

Ransomware usually arrives on a device via a sort of phishing attack, and can then spread to other devices on the same network. Either data files or the Master Boot Record are targeted. In the first case, data files are encrypted, in the latter, the device itself will not start up. Each type of attack comes with a demand for a ransom payment before access to the data or device will be restored.

Ransomware has become big business and payments are usually requested in Bitcoin, the cryptocurrency whose major characteristic is its untraceability. Based on our experience with a wide range of clients, the following key steps will help companies avoid falling victim to a ransomware attack and, in the event of one occurring, to be resilient enough to recover quickly.

Develop and implement security policies and procedures

The first step obviously is to spell out formally what the company’s risk profile is, and how all its employees need to behave in order to reduce risk. Some basic inclusions would be to require all users to ensure that they install all software updates, especially those relating to antivirus software, as well as firmware updates for hardware. Another key point here would be to ensure that these policies and procedures fall within the governance framework, and that administrators and security staff work closely together.

A word of warning: the solution is not simply to try and close everything down, but rather to specify safe habits. For example, data sticks will always be used, so rather than try to prohibit them, companies should ensure that scanning and encryption programmes are available and are used.

It is also critical that an ongoing programme for educating staff and enhancing awareness is in place.

Assess

Companies must understand which security standards are mandatory for particular industries and build them into their policies and procedures. Care must be taken to remain compliant over time and as regulations change. The other side of assessment is to put mechanisms in place to ascertain whether systems have been breached. Regular penetration and vulnerability testing must be implemented to establish the system’s integrity.

Monitor and investigate

Companies need to keep abreast of developments in ransomware and other security threats. This will provide early warning of new measures that need to be integrated into the security policies and procedures. Many companies use a service provider to handle this because it is highly specialised and requires familiarity with the Dark Web, where hackers operate.

Put a comprehensive response programme in place

In the event that an attack does occur, the company needs to have a well-thought-out set of responses in place to ensure it can recover within the shortest possible time. This will include a crisis communications protocol for dealing with the media and clients. It makes best sense to integrate the response to a ransomware attack into the business continuity plan because that will mean that the data will be backed up and recoverable at the disaster recovery site, and alternative devices and servers will also be available at the work-area recovery site.

However, it is very important to ensure that the disaster and work-area recovery sites are as highly secure – if the production site is compromised, bringing the disaster recovery site up will make it vulnerable.

For more information contact ContinuitySA, +27 (0)11 554 8050, cindy.bodenstein@continuitysa.co.za, www.continuitysa.co.za



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Stolen credentials on the Dark Web
October 2019 , Cyber Security, Security Services & Risk Management
Over 21 million credentials belonging to Fortune 500 companies, 16 million of which were compromised during the last 12 months, are up for sale.

Read more...
Stolen credentials on the Dark Web
October 2019 , Cyber Security, Security Services & Risk Management
Over 21 million credentials belonging to Fortune 500 companies, 16 million of which were compromised during the last 12 months, are up for sale.

Read more...
The importance of XDR for cyber protection
October 2019 , Cyber Security, Products
35% of South African organisations are expecting an imminent cyberattack and a further 31% are bracing for it to happen within a year, according to local research conducted by Trend Micro.

Read more...
Enterprise security must change
October 2019 , Cyber Security, Security Services & Risk Management
The recent wave of cyberattacks against local banks has highlighted the importance of protecting data against malicious users.

Read more...
Kaspersky uncovers zero-day in Chrome
October 2019, Kaspersky Lab , News, Cyber Security
Kaspersky’s automated technologies have detected a new exploited vulnerability in the Google Chrome web browser.

Read more...
Body-worn cameras transforming security
October 2019 , CCTV, Surveillance & Remote Monitoring, Security Services & Risk Management
Police Service Northern Ireland now has over 7 000 officers using 2 500 cameras covering approximately 173 000 incidents each year.

Read more...
Protecting your customers’ data
October 2019 , Training & Education, Security Services & Risk Management
Simon Murrell, head of development and executive director at BrandQuantum says companies need to protect their customers from identity theft and data breaches.

Read more...
Cybersecurity for video surveillance systems
September 2019 , Cyber Security, CCTV, Surveillance & Remote Monitoring
Video surveillance systems are increasingly accessible over any IP network, which has led to the rise of potential cyberattack.

Read more...
Cyber-securing your surveillance infrastructure
CCTV Handbook 2019, Genetec, Hikvision South Africa , Editor's Choice, CCTV, Surveillance & Remote Monitoring, Cyber Security
When it comes to cybersecurity, understanding the risks and the solutions as well as engaging in open communication helps everyone.

Read more...
Cybersecure surveillance partnership
CCTV Handbook 2019, Bosch Building Technologies, Genetec , Cyber Security, CCTV, Surveillance & Remote Monitoring
With Bosch and Genetec, you can feel confident that your data is protected by one of the world?s best security solutions, end to end, day after day.

Read more...