Things to do before a ransomware attack
Cameron Camp, Security Researcher at ESET explains that by failing to prepare you are preparing to fail – here’s what you can do today to minimize the impact of a potential ransomware attack in the future.
While more concerted efforts from various anti-ransomware groups continue to bring pressure to bear on ransomware operators, successful attacks are still making the headlines. It’s not just large operators in the cross-hairs – ransomware gangs also go after municipalities and smaller businesses that may not have the wherewithal to defend against the attacks.
If your business is hit, or you want to be ready just in case, here are five things you can do now to weather the potential storm:
1. Have backups
Many companies hit by ransomware find that their backups are in poor shape, or missing key data. This was highlighted in the Colonial Pipeline attack, where the company paid early in the attack, fearing delays in restoring data from backup. The irony was that after paying they found the decryption tool so slow that they restored from backups anyway, so it’s still unclear to what extent they really needed the decryptor.
In the heat of the moment though, you need to have high confidence in the solidity of your backups. If you do not have a backup strategy in place, our Backup Basics article can help to serve as a starting point for your home or business, as can our overview of the various types of backup and five mistakes to avoid while backing up your data.
2. Know how to restore your backups
For years I have had backups on various compute platforms, but it’s only after a hardware failure, when I actually start restoring files, that I gain any faith it will work. When it’s crash-cart time in the middle of an incident, it’s too late to discover all the fiddly missing bits that slow your backup restoration down.
I also try to keep multiple copies using different technologies. This way, if one of your technologies develops issues in the future, you’re not stuck. Surprisingly, this has been one of the most effective time savers when I delete or overwrite files accidentally, but it also helps in disaster recovery. Hard drives are far cheaper than your critical data, so don’t be afraid to buy more.
3. Make sure your cloud backups work
While it’s convenient to back up to the cloud, it can also be painfully slow to restore, especially large volumes. If you’re missing a contact list – fine. But if you have to restore drive images across your enterprise you may find it terribly slow.
Also, cloud providers themselves have security issues and can get hit, potentially exposing your backups to scammers, so make sure they’re locked down. For super-sensitive data, some organizations never touch the cloud, just to protect the crown jewels against attacks. For this level of security, often the backup media isn’t connected to any network — it’s separated by an air gap and physically securely stored.
4. Be recovery ready
It can be daunting to attempt an organization-wide disaster recovery drill (though if you have – congratulations!). However, picking one part of the org chart at random and staging a disaster recovery drill there is far more doable. When you do, you are almost guaranteed to find things you should change. These are great finds when you’re not in the middle of an attack, so the pressure is off.
These drills are also good news for the C-suite once they understand that you’re learning through practice and are therefore better prepared. Until a backup is restored, you have no idea whether it was successful or not. You can avoid these Schrödinger’s backups by periodically testing them with a restore, ideally to a different computer, so you can verify that your company’s valuable data is actually there. Remember that the best time to test a backup is before an emergency forces you to.
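The restore drill described in points 2 and 4 can be scripted so it runs on a schedule rather than only when someone remembers. The script below is an added example and not part of the original article or any ESET tooling: it takes a backup of a directory with tar, records a manifest of SHA-256 hashes for every file, restores the archive into a separate location (a different directory standing in for the "different computer" in the text), and then compares the restored files against the manifest. Every path under the scratch directory and the sample files are constructed for the example; the functions and their names are this example's own.

```shell
#!/bin/sh
# Backup-and-restore drill with integrity verification (constructed example).
# A backup only counts as good once a restore has been performed and checked.
set -eu

# Scratch area for the drill; override WORK to point somewhere else.
WORK="${WORK:-$(mktemp -d)}"

# Print the SHA-256 of one file, using whichever tool the host provides.
hash_file() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# Write "<hash>  <relative path>" for every regular file under $1, sorted so
# two manifests of identical trees compare byte-for-byte.
manifest() {
  ( cd "$1" && find . -type f | LC_ALL=C sort | while read -r f; do
      printf '%s  %s\n' "$(hash_file "$f")" "$f"
    done )
}

# make_backup SRC_DIR ARCHIVE: archive the tree and record its manifest
# next to the archive (never inside the source tree itself).
make_backup() {
  tar -C "$1" -cf "$2" .
  manifest "$1" > "$2.manifest"
}

# restore_backup ARCHIVE DEST_DIR: unpack into a fresh location.
restore_backup() {
  mkdir -p "$2"
  tar -C "$2" -xf "$1"
}

# verify_restore ARCHIVE DEST_DIR: exit 0 only if every restored file hashes
# to the value recorded at backup time and no file is missing or extra.
verify_restore() {
  manifest "$2" > "$2.restored.manifest"
  cmp -s "$1.manifest" "$2.restored.manifest"
}

# demo_drill: run the whole cycle on constructed sample data.
# Returns 0 when the restored copy matches, 1 when it does not.
demo_drill() {
  src="$WORK/live-data"
  mkdir -p "$src/finance"
  printf 'Q3 ledger (constructed sample)\n' > "$src/finance/ledger.csv"
  printf 'contact list (constructed sample)\n' > "$src/contacts.txt"

  make_backup "$src" "$WORK/backup.tar"
  restore_backup "$WORK/backup.tar" "$WORK/restore-test"

  if verify_restore "$WORK/backup.tar" "$WORK/restore-test"; then
    echo "restore drill: OK ($WORK/restore-test matches manifest)"
    return 0
  else
    echo "restore drill: MISMATCH, do not trust this backup"
    return 1
  fi
}

demo_drill
```

In practice you would point `make_backup` at real data, copy the archive and its manifest onto a second medium (the "differing technologies" from point 2), and run `restore_backup` plus `verify_restore` on another host on a schedule; a non-zero exit from `verify_restore` is the signal that the backup cannot be relied on and needs attention before, not during, an incident.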
5. Have a game plan
In the next part of this series, my colleague Tony Anscombe will survey the legalities of paying, but meanwhile you should have a playbook for what to do. For example, will you hire a negotiator, or do you have a team trained to vet the attackers’ claims? Decisions like this are hard to make well in the haste of an active attack, so a little preparation goes a long way.
Back to the question of paying. How does that all work? Tony will do a deep dive. But if you don’t have to pay, everyone will be much happier, and that’s something you can work on with your team today.