The Offensive Strategy for a Ransomware Attack

June 9, 2016


Jorel Van Os, an Information Security professional at US Signal, has spent the last five years implementing security, compliance, risk monitoring, and strategy for the company while the industry has been at its peak for ransomware attacks. He says the best ways that an organization can defend against ransomware infections are:

  • Ensuring you have a robust backup and recovery solution in place
  • Keeping software current with patching and updates
  • Training and educating employees about the latest threats
  • Restricting access by segmenting your network

While protecting yourself from attacks is a priority for securing your data, it's about time we switch to offense. Lay out the play-by-play of your offensive strategy to make sure you’re fully prepared for a ransomware attack. A recent Tripwire blog post gave the example of a large healthcare organization that was the target of a ransomware attack that ultimately suspended its IT systems. This prevented effective patient care, causing several departments to shut down and patients to be moved.

The frequency of Ransomware attacks continues to affect IT groups throughout the world.  Hackers don’t need a degree for their schemes to take down an entire organization.  Because of this, the standard practice of reviewing and testing an organization’s business continuity plan remains the number one goal for IT organizations.

Backups are a must, but when did you last test your process? Most organizations choose the least expensive backup option for their data. Let’s face it, your BC/DR plan can feel like an additional insurance item on the budget sheet. Since accessing that data only happens in a time of disaster or emergency, it seems silly to pay for backed-up and archived data for a “what if” event. But can your business afford a “what if” scenario that means days of downtime and lost revenue? Travis Smith, a senior security engineer at Tripwire, says:

“For many organizations, ransom decisions come down to the most cost-effective plan of action. If systems and data can be restored quickly from backup with minimal data loss, then not paying a ransom demand is a viable option. However, in order to be confident enough to ignore ransom demands, IT teams need to continually test backups to ensure all critical business data is being captured and that the backups are viable.”

Where will you recover? Have you created a BC/DR playbook? How much have you practiced? Restoring from a backup can be a time-consuming process. Will you restore to a bare metal environment or the cloud? In the event of a ransomware attack, do you have the resources needed on staff to effectively get you back up and running? Is your offensive team practicing and making changes to the playbook as improvements are made during testing?

“Organizations have to take the next step and verify they can restore critical business systems quickly to minimize downtime and service interruptions. For most security teams, this means they will need to practice – a process that takes both time and resources. However, this investment can pay significant dividends in the event of a ransomware infection. Planning and testing a streamlined backup process can reduce the cost and risk associated with restoring data. If organizations make these investments, ransom demands can become irrelevant.”

CIO Review confirms that ransomware, cyber attacks and security threats are what keep CIOs up at night. The experts at US Signal work with customers daily as an extension of their IT team to assist with deep-dive BC/DR assessment and planning. Restoration of complete customer environments into the US Signal cloud has proven to be the most successful answer to a ransomware attack, as long as customer data is backed up effectively. But don’t worry: as long as your organization is proactive, the Professional Services team will help you develop and test your DR plan regularly. You don’t have to do it alone. Let us help.