Nobody’s safe. Your organization, sooner or later, will face a security incident.
I know it is a bold statement, but I have facts to cover it. Between NonPetya in 2017, when our team helped Maersk recover, and the last Solorigate incident, it is a repeatable pattern. Companies are breached, data is leaking, and business losses are growing.
Ransomware is a category of malware designed to block access to a device, a service, or resources through data encryption until the appropriate ransom amount is paid to the hacker.
Ransomware can get into our system using (most often) the following techniques:
If the attack is successful, the ransomware will start encrypting the data on the system and the victim will be forced to pay the ransom to get the decryption key and recover their data.
A ransomware attack might be staged in advance and executed some time later. There might be days or weeks between the infiltration of the network and the actual attack.
In many cases during this period, the attacker will take your data and move it out of the network to request an additional ransom for not releasing it or to profit from the sale of your data.
When you are hit by ransomware you might think about paying the ransom and have it solved. Well – it is not what we recommend.
Paying does not always pay off. Besides the moral aspect, remember that you are dealing with criminals, and they might not keep the deal or still sell your data afterward.
Paying the ransom also fuels the cybercrime industry (it IS an industry) even further. With Ransomware-as-a-Service (RaaS) solutions on the rise, attacks are so easy to launch that they should be considered a source of income.
According to the State of Ransomware 2021 report by Sophos, only 65% of the encrypted data is restored after paying the ransom. Another statistic says that the average bill for resolving a ransomware attack, including downtime, people time, device cost, network cost, lost opportunity, ransom paid, etc., was $1.85 million.
When the day comes, and your business faces a ransomware attack, here are 8 points to follow:
Now is an excellent time to check if you have procedures in place to follow these steps. It might come in handy if there is a need to react. Time is of the essence in moments like these.
That was a general guide, applicable to most ransomware attacks.
Now, let’s look at how you might prevent it from happening. Before a ransomware event happening to your network, the attacker needs to infiltrate it. Typically it happens through phishing campaigns or targeted phishing attacks.
Phishing is the No. 1 method for cybercriminals to gain access to organizations through business emails. Compromised mailboxes can leak credentials and help escalate incidents without the user even knowing what happened.
Our cybersecurity team is helping customers daily to solve such problems. I want to share our guide, created by them, to highlight the steps that should be taken in case of a mailbox breach.
Names in brackets state a team who handles it. In our case, [SOC Team] is our Managed SOC team within our cybersecurity unit helping customers.
Here is a downloadable guide that you’re free to use and share within your organization.
Life writes surprising stories. Earlier this year, Acer, the brand you might recognize, became a ransomware victim with demand as high as $50M. Most likely, it is the result of the exploitation of the last bug in Exchange servers.
Just this month half of the Swedish Coop supermarkets were shut down due to a supply chain ransomware attack, affecting about 200 businesses, mostly in the U.S.
How can you counter such threats for your organization? The answer is in 4 significant industry trends for the upcoming years.
Check out my earlier article about it, where I cover:
Or, if you don’t feel like reading, you can watch the video below.
The threat is real but there are ways to minimize it – with the right countermeasures. Here are a few key takeaways I’d like to highlight:
Staying up to date with the latest threats, trends, and forecasts is time-consuming, and it takes some effort to find value. But trust me, it’s worth it. What may help you is signing up for my email updates – I cover all the latest industry trends there.
Should this resonate with you, and you’d like to hear even more about current cybersecurity developments and how to align them with your responsibilities, then I’d be happy to set up a call – just let me know.
I covered security in GitHub last time. But some of you likely use Azure DevOps for building your products, so let’s t...
Sometimes it feels like I'm pushing too much with security and software development, but then you prove me wrong. Rec...