10 Steps to prepare for an unknown Ransomware attack
Suri·Jul 30, 2020·2 min read
Dealing with Covid-19 and remote teams, life is very busy in the virtual world with Zoom sessions, Teams and Google Meet. Last week, we hiked 5 miles to breathe the fresh air and share WFH experiences with some friends, and the topic of information security, particularly "ransomware", came up.

Friend: We are safe with Palo Alto, Barracuda archival and Symantec endpoint protection, and our chances of getting a ransomware attack are very low.
Response: You are thinking like the majority that feels "it is not going to happen to me" (very similar to how we thought about #Covid19 back in January 2020). It is better to be prepared.
Friend: Alright, I hear you! How do I prepare?
Response: You cannot prepare 100% for an unknown data breach or ransomware attack.
Some best practices include:

- Review your cyber security insurance and make sure it covers ransomware incidents with an adequate upper limit. Recently a school system was hacked and the attackers demanded $50,000 per server as ransom payment.
- Understand, and communicate to management, that digital transformation has reached a pivotal point and that information security is a collective responsibility. It is not limited to the CISO (Chief Information Security Officer) or the IT department alone.
- Map out critical systems and document an IRP (Incident Response Plan), along with creating an IRT (Incident Response Team) that includes business heads, not just IT.
- Keep a list of critical contacts: vendors of critical business applications, trusted experts who can support you during a zero-day incident, cyber insurance support, forensics support, local law enforcement, and the key business leader who has authority to approve IRP execution.
- Run enterprise-wide security awareness training, since the large majority of attacks (a commonly cited figure is 90%) begin with spear phishing. All it takes is a masqueraded email, possibly appearing to come from the CEO, to get someone to approve a wire transfer, or an enticing "Free 3-Day Las Vegas Getaway with Casino money" email that results in someone downloading something detrimental to the organization.
- Know who holds "Enterprise Admin" (and other domain-wide admin) rights in the network, keep that list as small as possible, and monitor their activities. Roughly 72% of security incidents are attributed to disgruntled employees, team negligence, legacy application vulnerabilities or intentional malicious acts.
- Review the IT security policy regularly, and perform penetration tests, vulnerability analysis, application security assessments and third-party API inspection.
- Patch systems and install security updates promptly and on a regular schedule, following vendor guidelines.
- Strengthen and invest in firewall security, anti-spam, email archival, and at least one backup solution that is isolated from the network, so that an attacker who gains admin access cannot encrypt or delete the backups along with the production data.
- Within IT, don't give all the keys to your treasure chest (data) to a single person. Distribute the load, and don't depend on a single vendor or MSP (Managed Service Provider) to handle everything network related. Always have a Plan B and an oversight team that you trust.
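The "know who has Enterprise Admin rights and monitor them" point above is the one item in this list that can be turned into a concrete, repeatable check. The script below is an added example, not code from the original post or from VARS Corporation. It does two things: diffs the current membership of the high-privilege AD groups against an approved baseline, and scans a Security-log export for members being added to those groups by anyone outside the approved change process. The event IDs 4728 and 4756 and the field names TargetUserName, MemberName and SubjectUserName are the real Windows Security event IDs and EventData fields for "member added to a security-enabled global/universal group"; the group list, the approved-actor list, the baseline, the "current" snapshot and the log lines are all constructed for the example.

```python
"""Privileged-group monitoring for Active Directory (added example).

  diff_membership()          -> drift of privileged groups from an approved baseline
  flag_privileged_changes()  -> member-added events (4728 global / 4756 universal
                                group) on privileged groups by unapproved actors

All sample data below is CONSTRUCTED. In production, membership would come
from `Get-ADGroupMember -Recursive` and the events from `Get-WinEvent` or a
SIEM export.
"""
import json

# Assumption: which groups count as "keys to the kingdom" in this domain.
PRIVILEGED_GROUPS = {"Enterprise Admins", "Domain Admins", "Schema Admins"}

# Assumption: accounts allowed to change privileged groups (for example a
# change-control service account). Anyone else triggers an alert.
APPROVED_ACTORS = {"svc-changectl"}

MEMBER_ADDED_EVENT_IDS = {4728, 4756}

# Constructed baseline: the membership the business has signed off on.
BASELINE = {
    "Enterprise Admins": ["alice"],
    "Domain Admins": ["alice", "bob"],
    "Schema Admins": [],
}

# Constructed "current" snapshot, as if exported from AD today.
CURRENT = {
    "Enterprise Admins": ["alice", "svc-backup"],
    "Domain Admins": ["alice"],
    "Schema Admins": [],
}

# Constructed JSON-lines export of Security events. TargetUserName is the
# group, MemberName the DN of the account added, SubjectUserName the actor.
SAMPLE_LOG = """
{"EventID": 4756, "TimeCreated": "2020-07-28T02:14:09Z", "TargetUserName": "Enterprise Admins", "MemberName": "CN=svc-backup,OU=Service Accounts,DC=corp,DC=example", "SubjectUserName": "jdoe"}
{"EventID": 4728, "TimeCreated": "2020-07-28T09:01:33Z", "TargetUserName": "Domain Admins", "MemberName": "CN=carol,OU=IT,DC=corp,DC=example", "SubjectUserName": "svc-changectl"}
{"EventID": 4624, "TimeCreated": "2020-07-28T09:02:10Z", "TargetUserName": "jdoe", "SubjectUserName": "-"}
{"EventID": 4728, "TimeCreated": "2020-07-28T11:45:00Z", "TargetUserName": "Sales", "MemberName": "CN=dave,OU=Sales,DC=corp,DC=example", "SubjectUserName": "jdoe"}
"""


def cn_from_dn(dn: str) -> str:
    """Pull the leaf CN out of an LDAP distinguished name."""
    first = dn.split(",", 1)[0]
    return first[3:] if first.upper().startswith("CN=") else first


def parse_events(text: str) -> list:
    """Parse a JSON-lines event export into dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def diff_membership(baseline: dict, current: dict) -> dict:
    """Return {group: {"added": set, "removed": set}} for privileged groups
    whose membership drifted from the approved baseline."""
    report = {}
    for group in sorted(PRIVILEGED_GROUPS):
        approved = set(baseline.get(group, ()))
        actual = set(current.get(group, ()))
        added, removed = actual - approved, approved - actual
        if added or removed:
            report[group] = {"added": added, "removed": removed}
    return report


def flag_privileged_changes(events: list, approved_actors: set) -> list:
    """Return member-added events on privileged groups performed by an
    account that is not part of the approved change process."""
    alerts = []
    for ev in events:
        if ev.get("EventID") not in MEMBER_ADDED_EVENT_IDS:
            continue                       # not a group-membership change
        if ev.get("TargetUserName") not in PRIVILEGED_GROUPS:
            continue                       # ordinary group, not interesting
        if ev.get("SubjectUserName") in approved_actors:
            continue                       # went through the change process
        alerts.append({
            "time": ev["TimeCreated"],
            "group": ev["TargetUserName"],
            "member": cn_from_dn(ev["MemberName"]),
            "actor": ev["SubjectUserName"],
        })
    return alerts


def run_checks() -> tuple:
    """Run both checks on the constructed data and return (drift, alerts)."""
    drift = diff_membership(BASELINE, CURRENT)
    alerts = flag_privileged_changes(parse_events(SAMPLE_LOG), APPROVED_ACTORS)
    return drift, alerts


if __name__ == "__main__":
    drift, alerts = run_checks()
    for group, change in drift.items():
        print(f"DRIFT {group}: added={sorted(change['added'])} removed={sorted(change['removed'])}")
    for a in alerts:
        print(f"ALERT {a['time']} {a['actor']} added {a['member']} to {a['group']}")
```

On the constructed data the script reports that svc-backup was added to Enterprise Admins outside the baseline, that bob has dropped out of Domain Admins, and raises one alert: jdoe adding svc-backup to Enterprise Admins at 02:14. The 4728 event on Domain Admins is not alerted because the actor is the approved change-control account, which is the point of keeping that list explicit; the 4624 logon and the Sales-group change are ignored. Run the baseline diff daily and the event scan continuously, and treat any alert as a possible first step of a ransomware operator staging access.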
Then I shared information about one of the recent ransomware attacks and how the organization handled the recovery with the help of our partner company, VARS Corporation. He suggested that I should write a blog on this. Despite all the preparation, you may have to face a zero-day, and cyber security partners would play a critical role in restoring sanity!