Asigra Inc., a leader in backup and recovery software that delivers comprehensive repository cyber protection, today highlighted a number of best practices proposed by providers of both preventative and responsive solutions for combating the financial ramifications of ransomware.
“Ransomware attacks are becoming more targeted, sophisticated, and costly, even as the overall frequency of attacks remains consistent,” according to a bulletin released by theFederal Bureau of Investigation.
“Cyber criminals can take advantage of security weaknesses in widely used software programs to gain control of victim systems and deploy ransomware. For example, recently exploited vulnerabilities were discovered in two remote management tools used by managed service providers (MSPs) to deploy ransomware on the networks of customers of at least three MSPs.”
Industry experts often cite two categories of ransomware defensive approaches and solutions – preventative and responsive.
Preventative strategies stop such attacks from succeeding in a way that would maintain business access to their data.
Strategies in this area would include training employees about the proper handling of potential phishing emails, implementing the proper cybersecurity software to protect primary data and a second layer of security-enabled data protection on secondary storage to ensure the complete recovery of criminally encrypted data.
Responsive ransomware strategies includeransomware recoveryexperts(CYPFER Corp. for example) to minimize downtime and potential financial loss in the event an attack was successful.
These measures also include a managed service provider to assist in finding all possible alternatives to return mission critical data to the customer. Additionally, it would alsoinclude a credible cyber-insurance provider at the company’sdisposal to financially cover the event and address monetary damages.
Five best practices cited by experts in these areas include:
- Cultivate a security-aware culture: Educate andtrain employees on the dangers of phishing emails. Phishing is the number one method used by ransomware attackers because it is an effective means to access a target’s network.
- Backup files and protect backup data: Regularly back up data using a 3-2-2 methodology where three copies of data are stored locally on secondary storage; two additional copies of backup data are kept on different locally available mediums (devices); and two backup copies are stored offsite two remote locations, such as a remote facility or cloud-based platform.In the event the training and primary cybersecurity measures fail, ensure the backup data is protected as it will become the recovery technique of last resort should the network be impacted. This is effectively done with a backup solution that addresses ransomware Attack Loops™ by scanning for malware instream and as recovered data is returned to production, among other techniques.
- Secure the network environment. Keep programs and operating systems up to date, ensure servers are patched and updated, and securely restrict and limit system components and administration tools by granting users enough access or privileges to accomplish a task or run an application.
- Defend primary data: While there are an endless number of cybersecurity solutions available, choose solutions with an effective record of success and deploy accordingly to protect both traditional and remote workforce environments.
- Insure: Some ransomware payments have been reported to be in the millions. Organizations that have no other option but to pay the ransom, would be remedied by having a cyber insurance policy that covers the damage from such attacks. Having a policy that protects against such attacks and the resulting liability could mean the difference between continuing with operations or claiming bankruptcy.
Ransomware Response and Recovery:
Should devices on a company network unfortunately fall victim to cyber attackers and it is critical that data be recovered, ensure that a ransomware recovery expert is part of theincident response team to negotiate the ransom demand with the threat actors and to try to reduce the financial impact.
To mitigate the risk, the incident response team should investigate all the alternatives, such as recovering from back-ups, rebuilding server environments and deploying free decryption tools, or negotiating with the threat actors.
As a last resort, a company can direct the ransomware recoveryexpert to coordinate and direct the mostsuitable response to the specific threat, and if the decision is made to pay the ransom, negotiate and facilitate the ransom settlement on the victim’s behalf and procure the decryption tools required to restore data files.
“Payingransom to cyber threat actors is not recommended, but sometimes it is a necessary response to ensure business continuity,” said Jason Kotler, Founder and President, CYPFER Corp.
“In these cases, it is essential to negotiate and facilitate payment of the ransom in the proper cryptocurrency and to ensure that your data is unlocked, so that business servicescan resume as soon as possible.”
“The financial impact that ransomwarecan have on any organizationisfrequentlydevastating,” said Marc Staimer, Principal Analyst and President of DragonSlayer Consulting.
“If not properly prepared, damages can go beyond the payment of an exorbitant ransom which does not guarantee the de-encryption of data. It often also includes the loss of revenues from downtime, expensive third-party data recoveryattempts, increases in future insurance costs, and reputational damage.”
“These time-sensitive events need to be addressed quickly. Whether for pre-attack preparation or post-attack emergency support, it is critical to have industry experts available,” said Eran Farajun, Executive Vice President, Asigra. “To provide some level of assurance, the five best practices and the experts referenced will providethe best chance of making it through one of these events.”
For more information on Asigra, please download a case study on cybersecurity-enabled data protection at https://site-files.asigra.com/files/case-study/pdf/pcs-trade-union.pd