Industry projections have a ransomware attack occurring every 2 seconds by 2031, up from one every 14 seconds just a few years ago. Not surprisingly, the global cost of ransomware is projected to rise from $20B annually to $265B over the same period.
With ransomware, you’re facing the “hostage situation” of the cybercriminal world. Attacks are designed to make you feel helpless and out of control, at the mercy of your attackers.
Much like other prevalent scams and attack methods, every incident is different. And here’s the good news: you can always effect change before an attack (pre-mitigation) and after one (strategic response).
Instead of falling prey to hackers’ intimidation tactics, focus on what you can control.
Start With Prevention At “Home”
To ransom your data, malicious actors need a way in, and they’re most likely to find it in-house: the human element is involved in 82% of breaches. So build your team’s security awareness via real-world tests. These can include Ransomware Simulations, Red Team Assessments, and Social Engineering Evaluations. Employees should be directed to report anything out of the ordinary immediately to the IT security team, and taught how to spot spoofed or manipulative communications and links.
You also want to illuminate vulnerabilities in your information security with system-wide audits. Conduct regular, rigorous risk assessments, security assessments and HIPAA assessments, as well as ongoing network scanning. Results from a truly robust evaluation should offer concrete, prioritized remediation steps for your particular environment, as well as year-to-year trend data.
Ransomware attackers rely entirely on making their “ransom” your only way out, so be sure you’re maintaining routine data backups. CISA recommends frequent backups and regular verification (actually restoring from them, not just confirming the job ran), and keeping at least one copy offline or otherwise unreachable from the network (e.g. on disconnected external media or immutable storage), so that an attacker who is already inside cannot encrypt or delete the backups along with everything else. A well-protected system can be a defense all its own: preventative software such as antivirus programs and email filters is a valuable investment in the short and long run. But it’s up to you to confirm those programs are configured soundly, through antivirus/anti-malware and firewall best-practice evaluations.
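One concrete form of the “regular verification” above is an integrity manifest: hash every file in the backup set when the backup is taken, keep the manifest off the network alongside the offline copy, and re-check it before trusting a restore. The following is an added example, not code from the original article; the sample backup tree, file names and the simulated tampering are constructed here for illustration.

```python
# Added example: build an integrity manifest for a backup set and verify it later.
# Not from the original article; the sample files and paths are constructed below.
import hashlib
import json
import os
import tempfile

CHUNK = 1 << 20  # hash files in 1 MiB pieces so large backups do not load into memory


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map every file under root (as a relative POSIX path) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def verify_backup(root, manifest):
    """Compare the backup tree as it is now against a manifest captured earlier."""
    current = build_manifest(root)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "added": sorted(set(current) - set(manifest)),
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
    }


def backup_is_intact(report):
    return not (report["missing"] or report["added"] or report["modified"])


def demo():
    """Constructed scenario: snapshot a small backup, then simulate ransomware
    overwriting one file in place and dropping a ransom note next to it."""
    root = tempfile.mkdtemp(prefix="backup-")
    os.makedirs(os.path.join(root, "db"))
    with open(os.path.join(root, "db", "customers.sql"), "w") as f:
        f.write("INSERT INTO customers VALUES (1, 'Acme');\n")
    with open(os.path.join(root, "config.yaml"), "w") as f:
        f.write("retention_days: 30\n")

    # The manifest must be stored off-network (with the offline media, or printed);
    # an attacker who can reach the backups can otherwise rewrite the manifest too.
    manifest_json = json.dumps(build_manifest(root), sort_keys=True)

    # Simulated attacker activity: one file encrypted in place, one note dropped.
    with open(os.path.join(root, "db", "customers.sql"), "wb") as f:
        f.write(os.urandom(64))
    with open(os.path.join(root, "READ_ME.txt"), "w") as f:
        f.write("your files are encrypted\n")

    return verify_backup(root, json.loads(manifest_json))


if __name__ == "__main__":
    print(demo())
```

A manifest check only tells you the bytes are what they were when the backup was taken; it does not prove the backup restores into a working system, so it complements a periodic restore test rather than replacing one.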
To keep pace with rapidly expanding attack surfaces, multi-factor authentication and Zero Trust architectures are on the rise. CISA suggests rotating your passwords and keeping them strong so that every path into your network is held to the same rigor; note that current NIST guidance (SP 800-63B) no longer recommends rotation on a fixed schedule, since forced rotation tends to produce weaker, predictable passwords, and favors changing a password when there is evidence it has been compromised. Experts favor password managers, which generate and store a unique password per account and flag any that are weak or reused. Hybrid or in-person offices may also want a physical factor, such as a hardware security key, which makes phishing-based intrusion far harder.
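To show what the second factor in multi-factor authentication actually computes, here is the time-based one-time password (TOTP, RFC 6238) that an authenticator app generates, together with the server-side check. This is an added example, not code from the original article; the key is the RFC 6238 test key, and the one-step clock-drift window and the last-used-counter replay check are design choices assumed here.

```python
# Added example: TOTP (RFC 6238) as computed by an authenticator app, plus the
# server-side verifier. Not from the original article; the key below is the
# public RFC 6238 test key, never a real secret.
import hashlib
import hmac
import struct
import time

RFC_TEST_KEY = b"12345678901234567890"


def hotp(secret, counter, digits=6, algo=hashlib.sha1):
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, at=None, step=30, digits=6, algo=hashlib.sha1):
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    at = time.time() if at is None else at
    return hotp(secret, int(at) // step, digits, algo)


class TotpVerifier:
    """Server side. Accepts `window` steps of clock drift in either direction and
    refuses any counter at or below the last one accepted, so a code captured by
    a phishing proxy cannot be replayed within its validity window."""

    def __init__(self, secret, step=30, digits=6, window=1, algo=hashlib.sha1):
        self.secret, self.step, self.digits, self.window, self.algo = secret, step, digits, window, algo
        self.last_counter = -1  # persist per user in production

    def verify(self, submitted, at=None):
        at = time.time() if at is None else at
        counter = int(at) // self.step
        for drift in range(-self.window, self.window + 1):
            c = counter + drift
            if c <= self.last_counter:
                continue  # already consumed (or older): replay attempt
            expected = hotp(self.secret, c, self.digits, self.algo)
            # constant-time comparison so timing does not leak matching prefixes
            if hmac.compare_digest(expected, submitted):
                self.last_counter = c
                return True
        return False


if __name__ == "__main__":
    print("current code:", totp(RFC_TEST_KEY))
    v = TotpVerifier(RFC_TEST_KEY, digits=8)
    print("first use:", v.verify(totp(RFC_TEST_KEY, 1234567890, digits=8), at=1234567890))
    print("replay:   ", v.verify(totp(RFC_TEST_KEY, 1234567890, digits=8), at=1234567890))
```

TOTP still relies on the user typing the code into the right site, which is why the passage's hardware security key (FIDO2/WebAuthn) is the stronger option: it binds the response to the origin and cannot be relayed through a phishing page.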
Lastly, in these days of global partnerships, you’re only as secure as your weakest vendor. So make it a point not just to vet partners initially, but to keep holding vendors accountable to your security and privacy standards.
Get serious about cyber defense.
Mitigate the Worst Case
Let’s say you’ve done everything right, and ransomware still strikes. From here, it’s about rapid and effective crisis response.
FIRST: Determine which systems have been impacted and isolate them immediately. Experts recommend taking the network offline at the switch level or, if that’s not feasible, disconnecting the affected devices (unplugging the Ethernet cable or disconnecting from Wi-Fi). If you can’t disconnect a device, you may power it down, though CISA warns that doing so destroys volatile evidence held in memory (running processes, network connections, possibly encryption keys) that investigators may need. Once the initial attack is deployed, actors monitor the network closely to learn whether they’ve been detected, so isolation should be a coordinated effort using out-of-band communication (cell phones or other off-network means) that keeps the attacker unaware of your response.
NEXT: Once you’ve performed the initial isolation, it’s time for assessment. Which of the affected systems are most critical to restore and recover? What most severely affects your company’s operations or your clients’ privacy? Keep track of unaffected systems and devices too, so you don’t divert resources to them unnecessarily. Stay focused on where the damage is: the faster you prioritize, the more efficiently you can shut down an attack.
FINALLY: You’ve triaged and deployed mitigation tactics, but now you need the whole picture. Post-incident analysis is essential for developing and documenting an understanding of how the attack happened: the initial access, how the actor moved through the network, and what data was touched. Use that intelligence to keep management, clientele and other stakeholders updated, including insurers and investors. Uphold your accountability and integrity through an attack, and your reputation will rebound more quickly.
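The first step above, determining which systems have been impacted, is where responders most often lose time, and a quick scan of file shares for ransomware artifacts helps scope it. The following is an added example, not code from the original article or from CISA: it classifies files as likely-encrypted by Shannon entropy, sets aside formats that are high-entropy for legitimate reasons (by magic bytes), and flags ransom-note file names. The sample share, its file names, the entropy threshold and the note-name patterns are all constructed assumptions for the illustration.

```python
# Added example: scope a ransomware incident by finding files that look encrypted
# and dropped ransom notes. Not from the original article; the sample share and
# the heuristics (threshold, magic table, note-name regex) are assumptions.
import gzip
import hashlib
import math
import os
import re
import tempfile
from collections import Counter

# Formats that are high-entropy by design and must not be mistaken for ciphertext.
KNOWN_MAGIC = {
    b"\x1f\x8b": "gzip",
    b"PK\x03\x04": "zip",
    b"\x89PNG": "png",
    b"\xff\xd8\xff": "jpeg",
    b"%PDF": "pdf",
}
# Assumed note-name patterns; real notes vary per family, so treat this as a hint.
RANSOM_NOTE = re.compile(r"(decrypt|recover|restore|how_to)", re.IGNORECASE)
ENTROPY_THRESHOLD = 7.5  # bits/byte; text is ~4-5, ciphertext and random data ~7.99


def shannon_entropy(data):
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify_file(path, sample_size=65536):
    """Read only the head of the file: fast, and many families encrypt at least the start."""
    with open(path, "rb") as f:
        head = f.read(sample_size)
    name = os.path.basename(path)
    if RANSOM_NOTE.search(name) and name.lower().endswith((".txt", ".html", ".hta")):
        return "ransom-note"
    for magic, fmt in KNOWN_MAGIC.items():
        if head.startswith(magic):
            return fmt  # legitimately compressed/encoded, not evidence of encryption
    if shannon_entropy(head) >= ENTROPY_THRESHOLD:
        return "likely-encrypted"
    return "plain"


def scan_tree(root):
    report = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            report[os.path.relpath(full, root).replace(os.sep, "/")] = classify_file(full)
    return report


def impacted(report):
    """Paths that should go on the isolation/triage list."""
    return sorted(p for p, kind in report.items() if kind in ("likely-encrypted", "ransom-note"))


def build_sample_share():
    """Constructed sample share: one encrypted file, one untouched text file,
    one legitimately compressed archive and one ransom note."""
    root = tempfile.mkdtemp(prefix="share-")
    pseudo_random = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(2048))
    files = {
        "finance/q3.xlsx.locked": pseudo_random,                 # encrypted by the attacker
        "finance/notes.txt": b"quarterly review notes\n" * 200,  # untouched
        "it/logs.tar.gz": gzip.compress(pseudo_random[:4096]),   # high entropy but legitimate
        "HOW_TO_RECOVER_FILES.txt": b"your network has been penetrated\n",
    }
    for rel, data in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
    return root


if __name__ == "__main__":
    report = scan_tree(build_sample_share())
    for path, kind in sorted(report.items()):
        print(f"{kind:17} {path}")
    print("impacted:", impacted(report))
```

Two caveats a responder should keep in mind: a magic-byte check only excludes honest files (an attacker can prepend a gzip header), and some families encrypt only part of each file, so a clean head does not prove a file is untouched. Run the scan read-only from a clean host against the isolated shares, and treat its output as a starting point for the triage in the NEXT step, not as proof of scope.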