How to Make Sure You’re Prepared for a Ransomware Attack

Written by CISOSHARE

June 7, 2021

25 min read

Ransomware isn’t a new form of attack in cyber security. It’s been around for a long time, landing in the news for disruptions to the healthcare industry in 2020, WannaCry in 2017, and most recently, the attack that impacted Colonial Pipeline.

According to the Chainalysis 2021 Crypto Crime Report, there’s been a dramatic increase in the amount of money transferred in ransomware transactions, a 311% increase over the amount in 2019. This change has been facilitated by cryptocurrency, which makes it easier for criminals to acquire large sums of money with less traceability.

As businesses have transitioned to work remotely throughout the pandemic, new vectors for attack have appeared as organizations face challenges in protecting employees and organizational systems. Impacts of ransomware are felt not only financially in ransom costs, but in disruptions to businesses and services.

No matter the size of your organization or the industry you work in, ransomware is a threat your team could face.

Our team has put together tips and insight that will help you if you find yourself facing ransomware.

Understanding Your Security Environment

The best place to start preparing for ransomware is in assessing your cyber security environment and security architecture. Check if your organization has preventive and detective tools and processes in place.

Take the time to assess whether your organization has processes in place for identifying and responding to an incident, and whether your organization has a resiliency and backup strategy in place. Is there a location where data is stored regularly? Are the backups available offline? How long would it take to access these backups if necessary?

Asking these questions will give you a starting place to identifying what your team should have in place before an attack hits the organization.

You can also use this as an opportunity to conduct a business impact analysis (BIA). This will help you determine the criticality of certain business activities and resources that would have a large impact on the resilience and continuity of the organization’s operations during and after a disruptive incident. A BIA can help you set recovery time objectives (RTOs) and recovery point objectives (RPOs).

Establishing these objectives will help build a plan and strategy for business continuity, and you’ll understand what impact it could have on your business if services are down for a certain amount of time.

Establish and Utilize a Complete Security Program

Building and maintaining a complete security program is a tall order, but critical components of a security program such as awareness training and incident response procedures will make it easier to prevent and respond in the event of a ransomware attack. Training and awareness will keep employees informed an alert to what might create an opening for a ransomware attack.

Part of a security program might also include conducting tabletop exercises with employees in relevant departments and roles. These exercises are an opportunity to run through relevant risk and attack scenarios so that your team can understand their roles, practice response procedures, and identify potential gaps in communication or areas for improvement.

If having an in-house incident response and forensics team isn’t an option for your organization, consider establishing a retainer with an external provider ahead of time. This relationship reduces the amount of time to respond to an incident as they have the contracts and resources in place, which can also help save money in the long term.

What Do You Do If You Think You’re Facing a Ransomware Attack?

If you have a cyber insurance company, it might be good to contact them once you understand what’s happening in the environment, such as confirming a ransomware attack, knowing that you can’t access your backups, or any other issues. They may have partners that can help you address and respond to the situation.

It’s important to realize that there may be instances where your organization will have to pay in order to recover information or systems. This will depend on the situation and state of an organization, but this may be an option that organizations take if backups are inaccessible and system operation is critical.

The best way to respond to a ransomware attack is to be prepared ahead of time. Whether you’re improving your security program’s ability to respond to ransomware and other cyber-attacks or you’re building one from scratch, CISOSHARE’s team has the expertise you need for success.

Assess Your Environment and Address Any Weaknesses