Ransomware prevention: How organizations can fight back - Deepstash

Ransomware has rapidly become one of the top cybersecurity nightmares. Strategies for prevention, preparation, response, and recovery can help.

MCKINSEY

Ransomware prevention: How organizations can fight back

mckinsey.com

Sophisticated Ransomware Hacking

Ransomware has hit new levels of sophistication, with demands for payment skyrocketing into the tens of millions of dollars. Vulnerabilities posed by pandemic-weary organizations and workers logging in from unsecured home networks; others are highly complex, such as ever-increasing connectivity ...

The New Threat

With the use of low-cost ransomware-as-a-service (RaaS) campaigns, this cyberthreat has surged beyond the quiet confines of the C-suite to where boards of directors, regulators, law enforcement, industry associations, insurance providers, and the cybersecurity vendor community al...

Prevention Of Ransomware Attacks

To achieve a secure work environment, you need to know what technology you have, what and who it is talking to, and then watch it like a hawk. Vigilance is key. To get there, everyone from the board and C-suite to down the line must be on the same page and treat security as a continuous endeavour...

COVID-19 saw workforces shift to work from home—and home networks are often rife with poor security. Solid basic hygiene would include strong passwords, multifactor authentication, software updates, restricted access, and network-level authentication.

Multifactor authentication(MF...

Legacy systems, be it OT or IT, chug along on old software with security gaps. After RDP and phishing attacks, vulnerable software is the next largest attack vector, which is why securing communication channels and patching Windows operating system exploits remain vital.

Disabling User-Level Command-Line Capabilities

Ransomware threat actors run free or low-cost software and scanning tools, searching for things like credential harvesting and internal unsecured port discovery from command-line prompts. If command-line capabilities end up disabled, the company becomes a more difficult target. Additionally, blo...

Protect Active Directory

Active Directory is a database and set of services that connects users with the network resources they need to get their work done. The database (or directory) contains critical information about your environment, including what users and computers there are and who’s allowed to do what.

Cyber awareness training and education should be mandatory. You don’t need to be a highly trained and skilled cybersecurity professional, but basic changes in behavior and awareness of where and how threats can enter your organization can further reduce risks.

Preparing For An Attack: Know Your Decision Rights

The timing, urgency, and stress of an attack escalate when decision rights are unclear. Who will lead the response team? Is the CEO directly involved or deliberately removed from the tactical details of the response?

Designate a person accountable for keeping the crisis response moving forw...

Preparing For All Options and Understanding Negotiating Constraints

Prior to experiencing a ransomware attack, the majority of companies say they will not pay a ransom. However, when nearly two out of three organizations ended up victimized by a ransomware attack over the past 12 months, over 80 percent paid the ransom demands, according to a 2021 report from Thy...

Generally, board members will want to help and bring issues to closure—the success of which all comes down to communication. That is why the board and executive leaders need to engage in a critical conversation detailing roles and how to activate them. This level of communication and advanced pla...

Business continuity answers the question, “How do we operate this process if a particular technology or person is disrupted?” Whereas operational resilience targets the bigger question of, “How do we organize such that a particular event does not disrupt us?” Companies should have answers to both...

Approaching ransomware prevention and preparedness from a resilience perspective frames the requirements and outcomes differently:

  • Know what assets are important (crown jewels, critical assets) and where they live.  
  • Know the backup process, which will help assess how feasible ...

Response

In a ransomware attack, time is of the essence, so collaboration and transparency prevail. When an organization becomes aware of a ransomware attack, it should not compartmentalize the challenges ahead. The CISO or CSO needs to ensure transparency and collaboration with internal stakeholders acro...

Your organization’s network of external stakeholders can provide valuable input and help expedite risk-based decision making.

An organization’s first call should be to the FBI, or a regional and supervisory law-enforcement agency, for notification and disclosure. For very large financial in...

Proceed Carefully

The US Department of the Treasury’s guidance on ransomware payments requires organizations to consult with them if they need to pay the ransom. However, since ransom payments could violate sanctions against certain individuals or designated organizations, the Treasury’s Office of Foreign Assets C...

External counsel, as well as insurers, are significant partners to have at the table. From discerning who to notify and when to working through the finer points of negotiation and possible implications and thinking through the legal requirements for customers and partners—especially third parties...

Expect Pressure

Some RaaS groups have call centers that will proactively reach out to downstream customers and activist investors to put pressure on a victim to pay. Expect this and have a plan to engage stakeholders, whether proactively or in response to their queries.

Your response leader can serve as “...

Dig into forensics and intelligence. In the earliest stages of the attack, use intelligence to determine who is behind the attack and how they were able to gain access and maintain persistence and detonate the malware. This knowledge will aid in understanding how bad the attack is and assist in d...

Recovery

No matter what, recovery from a ransomware attack can be messy. If you decide to pay and get a decryption key—and if it works—there is usually a considerable amount of cleanup because the attackers shut down servers and databases not designed to shut down hard. If you don’t pay, rebuilding networ...

The Bottom Line

Remember that you are collaborating with criminals, so the closer a company gets to paying the ransom, the more it needs proof that the attackers actually have what they say they have.

Make no mistake about it, ransomware is ugly. But making your enterprise resilient b...
