10 Steps to prepare for an unknown Ransomware attack

Dealing with Covid-19 and remote teams, life is very busy in the virtual world with Zoom sessions, Teams and Google meet. Last week, We hiked 5 miles to breathe the fresh air, share WFH experiences with some friends and the topic of Information security and particularly "Ransomware" came up.

Friend : We are safe with Palo Alto, Barracuda archival, Symantec end point protection and our chances of getting a ransomware attack is very low.

Response: You are thinking like the majority that feels it is not going to happen to me (very similar to how we thought about #Covid19 back in January 2020) - It is better to be prepared

Friend : Alright.. I hear you..! How do I prepare?

Response: You cannot prepare 100% for an unknown data breach or ransomware attack.

Some Best Practices include:-

1. Review your Cyber security insurance and make sure it covers Ransomware incidents with a good upper limit. Recently a school system was hacked and hackers demanded $50,000 / server as ransom payment
2. Understand and Communicate to the management that Digital transformation has reached a pivotal point and Information Security is a collective responsibility. It is not just limited to CISO (Chief Information Security Officer) or IT Department alone
3. Map out critical systems and document IRP (Incident Response Plan) along with creation of IRT (Incident Response Team) that includes business heads (not just IT)
4. Keep a list of critical contacts that includes critical business applications vendors, trusted experts that can support you on zero-day, cyber insurance support, forensics support, local law enforcement, key business leader that has authority to approve IRP execution
5. Enterprise wide Security Awareness Training as 90% of the attacks are through spear phishing. All it takes is a masqueraded email (possibly from CEO) to do a wire. Or an enticing "Free 3-Day Las Vegas Getaway with Casino money" email that may result in someone downloading stuff that is detrimental to the organization
6. Know who has "Enterprise Admin" rights in the network and monitor their activities. 72% of security incidents are caused by disgruntled employees, team negligence, legacy application vulnerability or an intentional malicious act
7. Review IT security policy regularly and perform penetration tests, vulnerability analysis, application security assessment and 3rd party API inspection
8. Periodically patch your systems and install security updates as per vendor guidelines
9. Strengthen and invest in firewall security, Anti-spam, email archival, and at least one backup solution that is isolated from network
10. Within IT, don't give all the keys to your treasure chest (Data) to a single person. Distribute the load and don't depend on a single vendor or MSP (Managed Service Provider) to handle all network related stuff. Always have a Plan B and an oversight team that you trust

Then, I shared information about one of the recent ransomware attacks and how the organization handled the recovery with the help of our partner company VARS Corporation. He suggested that I should write a blog on this. Despite all the preparation, you may have to face the Zero-Day and cyber security partners would play a critical role in restoring sanity..!