In recent weeks, our CSIRT has again observed arise in ransomware attacks. Corporate data needs to be backed up more than ever, but you will learn in the following blog article why backups alone cannot provide adequate protection, and why having a solid data protection strategy is so important.
Every minute counts in a ransomware attack. How should you be reacting? Is your data security guaranteed if you decide not to pay up, or even if you do? While you are considering all the options, your organisation is left paralysed. With every minute that passes, the pressure to make the right decision increases.
It's your back-up strategy that often decides whether you pay up or not. The thing is that back-ups are necessary but they have to be recoverable. It is pretty difficult to restore a company's infrastructure from just one backup. The more diversified and multi-layered the IT environment is, the greater the challenge. It is also possible that a recovery can only be partially performed, or worse still, the backup does not work at all. If the backup server is acting within the network perimeter during a ransomware attack, it will also be encrypted along with all other systems in the network, rendering them all unusable. This makes keeping processes, technologies and procedures for generating regular copies of data and applications on a separate, secondary device just as important as the recovery itself. Of course, this needs to be kept offline.
If a company with multiple infrastructures is hit by a ransomware attack, it is unlikely that it will be able to recover quickly, even if the back-up is working perfectly. This downtime results in high costs for the company, or may even lead to the potential failure of the entire company. When our CSIRT is called in to assist with a security incident, our primary goal is to restore the company's ability to act as quickly as possible. To achieve this, we prioritise three key points:
1. The preservation or restoration of the value chain
2. The impact that can be anticipated in the future, e.g. data leaks caused by attackers.
3. Minimising the risk of recurrence; i.e., eliminating all gaps and backdoors
There is always some downtime, as it is unlikely that all services and systems can be decrypted immediately, but this should be kept as brief as possible. Therefore, the integrity of the backups must be regularly checked, and regular test runs should be carried out in a staging environment to recover the server. If done this way, the recovery time in the event of a ransomware attack should not take too long.
Today, modern ransomware is no longer purely encryption programmes, it is much worse than that. In the past, ransomware attacks mainly targeted end users and demanded small amounts of cryptocurrency to release the data. In the meantime, attacks on businesses have become much more lucrative, as they are more likely to pay much higher ransoms. Modern ransomware is lurking in networks and siphoning off even the smallest amounts of data it can manage to spy on. Data is then analysed and used to blackmail companies using encryption, data leaks, or both. If they do not pay up, confidential client data or the company's trade secrets are made public. This can lead to permanent damage a company's reputation and, of course, also increase the pressure on the company affected.
An appropriate ransomware strategy allows you to reduce the risk of an attack and at the same time mitigate the impact of a successful attack. The following three pillars can significantly increase your security against ransomware:
1. Protection against Ransomware
Proactive ransomware protection, which prevents threats from gaining a foothold in the network, for instance Guardicore Centra.
2. Data backup strategy:
A solid data backup strategy is crucial - not just in the event of a ransomware attack and regardless of the size of your company or industry sector.
Our cyber security experts have compiled a best practice checklist for you. This guide is intended to assist you in reviewing your backup and recovery plan, as well as the broad outlines of your backup architecture and adjusting them where necessary. Download our whitepaper now!
3. Creating awareness among staff:
Security awareness is a decisive factor in preventing a ransomware attack from happening in the first place. By creating awareness among your employees on issues such as phishing and ransomware, dangers that arise from careless behaviour or ignorance are reduced. To do this, we offer you targeted e-learning courses from our individual Security Awareness Services.
You can find more information about security awareness, phishing and social engineering on our “Know-how Security Awareness” website! Check your knowledge now with our security awareness quiz.