Preventing and Surviving Ransomware Attacks

Prevention:

The cost to prevent an attack is far less than to fix or recover from it. Email has been the easiest and most convenient way to deliver a lethal payload. Security awareness and training focused on ransomware and social engineering should be provided periodically to end-users. An effective phishing campaign should also be rolled out to measure or quantify the effectiveness of administrative controls such as training. Secondly, you should ensure that a secure email gateway scans and inspects inbound attachments and deploys antivirus software with specific anti-ransomware features or capabilities. Finally, having an effective vulnerability management program will allow you to stay current on security patches and reduce the risk to your environment. It’s important to patch everything and patch it periodically, regardless of the operating system you might be using and extend endpoint protections to smart phones.

Everyone is at risk, including non-Microsoft operating systems. A defense-in-depth approach is recommended to reduce the risk to an attack, which employs multiple layers of security controls. Also, ensure accounts controlling your backups are dedicated accounts which are only used for running the backup process and has no broader network admin access.

Response:

If you do not have a 3rd party cybersecurity response or forensic capability in place, I encourage you to subscribe to one to augment your response capability. If you become aware of an attack, stay calm and activate your incident response protocols, including documented procedures. Make sure you disconnect infected systems from the network and preserve all the evidence for an investigation. Deploy the incident response teams to contain and limit the damage. Cleanup infected systems by wiping them clean and rolling back to the pre-ransomware state with an effective backup capability (cloud service) in place. All preserved logs, evidences and lessons learned should be well documented and communicated to the relevant stakeholders. Depending on the attack, you may need to involve law enforcement.

The BizzSecure EAID solution can assist in this area. This out-of-the-box, next generation GRC solution automates information security compliance and assessments, and provides visibility to the security posture of your infrastructure. For more information, check out this page (https://www.bizzsecure.com/services/eaid-next-generation-grc/) and stay tuned for more information on how to keep you and your business safe.

1 Comment

  1. Thanks for sharing. I read many of your blog posts, cool, your blog is very good.

    October 17, 2024 at 11:44 pm
    Reply

Leave a Reply