You may think your organisation is well prepared for a ransomware attack, but having some point solutions in place is not always the complete answer. Being properly prepared for the worst involves a more comprehensive strategy, and this series of articles from The MYREDFORT team aim to help.
The first article focuses on understanding more about recent attacks, how hackers are innovating, and laying the foundations for preparedness. As attacks become increasingly innovative, traditional defences are being left wanting. Recent attacks such as REviL have seen hackers manually controlling the operation instead of relying on viruses working on their own accord.
How are attackers breaking through the barriers?
Even organisations with credible cyber security solutions in place have been successfully targeted by sophisticated hackers. Remote desktop protocols (RDP) with configuration loopholes are a particular weakness, as are poor disciplines in identity and access management (IAM). Data and passwords stored on the dark web are also being used by criminals to gain access to devices or core infrastructure.
How is an attack coordinated?
As in any battle, conflict or even competitive sport, knowing your enemy is another vital step in winning the fight against ransomware attackers. Having gained access to a corporate network, hackers then seek out the valuable data and attempt to prevent access to endpoints, cloud applications and backups. The data is then wiped, encrypted and used for extortion purposes and even to publish data if the ransom payment is not made.
Worse still, it can take up to five days for an organisation to even realise the attack is in progress. From the first penetration of the system, hackers can embed the ransomware silently and have it take hold before IT teams are even aware of a problem. By using this approach, hackers can maximise the chances of success, and the chances of at least some of the ransom being paid.
Upping the ante with preparations
Sadly, the sophistication of ransom attacks now means it’s more a case of 'when' not 'if' that UK organisations will experience some kind of attack. Preparation for incidents should be well thought out, and solid plans implemented to prevent and detect attacks. Should the worst happen, it’s important to have contingency strategies in place to respond and recover your systems and/or data in the shortest time possible.
The key question will ultimately be will the ransom be paid? This will be an executive level business decision with input from security and legal experts. The balance will be based on the impact, severity and implications of doing so or not doing so, but the reality is that almost 50% of companies have paid out the ransom.
Find out more
👀 In the next in our series of articles (watch this space!), we’ll look at backup and recovery in the context of ransomware attacks.
More in Cyber Security
Navigating Emotional Intelligence in Cyber Security
What Is It and Why Does It Matter?
Understanding the Gap Between Cybersecurity and Regulation
Monthly expert guidance from the South West Cyber Resilience Centre.
Keep your organisation safe, agile, growth-ready and prepared for whatever comes next.
Facing high data ingestion costs, on-prem only or lacking actionable insights?
The what, how and why of NGFWs for your organisation
Key things to consider when protecting your business
Security best practices, threat management, security operations, tooling and privacy
How to spot and prevent hacking attempts
8 sponsors | 4 expert speakers | 2 days, 200 security professionals | 2 evenings = 200+ channel partners
SWCRC's top tips to secure your organisation
Share this story