Ransomware survival guide: What to do before, during and after an attack

assets/files/images/10_04_24/ransomware.jpg

This article is brought to you by Retail Technology Review: Ransomware survival guide: What to do before, during and after an attack.

In recent years, ransomware attacks have surged, posing a significant threat to businesses and individuals alike. These malicious attacks encrypt valuable data, demanding hefty ransom payments for its release. But you can learn how to fight back and protect your data.

Trevor Cooke, the online privacy expert at EarthWeb, offers top tips on how to protect yourself from ransomware attacks.

Prevention: How To Build Your Defenses

Protect Your Data With Regular Backups

Implement a robust backup strategy, ensuring that critical data is regularly backed up to secure, offline storage. Trevor says, ‘You can utilize cloud-based backup solutions like Google Drive or Microsoft OneDrive, scheduling automatic backups daily or weekly to capture updated information.’

Keep Your Software Updated

Keep software and operating systems up to date with the latest security patches. Many ransomware attacks exploit vulnerabilities in outdated software, making timely updates crucial in bolstering defenses against evolving threats. Trevor recommends, ‘Enabling automatic updates on all devices ensures that security patches are promptly applied to mitigate potential vulnerabilities.’

Transform Your Employees Into Cybersecurity Experts

If it’s a ransomware attack on your business that you’re worried about, reducing the potential for human error is a key way to protect yourself. Educate your employees about the dangers of phishing emails and suspicious attachments. Human error remains a leading cause of ransomware infections, underscoring the importance of cybersecurity awareness training to recognize and thwart potential threats. Conduct simulated phishing exercises to reinforce training and test employees' ability to identify malicious emails.

During An Attack: How To Respond Tactically

Isolate Infected Systems

Trevor advises, ‘Immediately disconnect compromised devices from the network to prevent the spread of ransomware to other interconnected systems.’ For example, if a ransomware attack targets a specific workstation, IT administrators should isolate the infected device by disconnecting it from the network and disabling Wi-Fi and Bluetooth connectivity. You should do the same with any device targeted in your home so that the ransomware can’t spread to other devices. 

Critically Assess The Situation

Evaluate the extent of the ransomware attack, identifying affected systems and encrypted data. Understanding the scope of the incident will inform your decision-making and response strategies, and guide your efforts to mitigate further damage. Use endpoint detection and response (EDR) tools to analyze malware behavior and identify compromised systems accurately.

Develop A Response Strategy

‘Develop a clear plan of action for responding to ransomware attacks, considering factors such as data sensitivity, regulatory obligations, and available resources,’ reminds Trevor. Consult with cybersecurity experts and law enforcement agencies to navigate response protocols effectively. Implement incident response playbooks detailing step-by-step procedures for containment, eradication, and recovery.

Trevor advises, ‘Although you don’t have to codify such plans in official documentation for your home, it’s always worth doing some research and having a plan on hand for if the worst does happen.’

After An Attack: How To Recover

Recover Your Data

Utilize backup copies to restore encrypted data, prioritizing critical systems and files. Trevor says, ‘If ransomware encrypts critical databases, businesses can restore the data from backups stored on dedicated backup servers or cloud-based storage platforms like Amazon S3 or Azure Blob Storage.’

Restore Your Systems

Rebuild affected systems from clean backups, incorporating security enhancements to prevent the recurrence of ransomware infections. Conduct thorough malware scans and security assessments to identify and address vulnerabilities exploited during the attack. Deploy endpoint protection platforms (EPP) and next-generation antivirus (NGAV) solutions to detect and block ransomware threats proactively.

Take Preventative Measures

Implement stringent security measures, including network segmentation, access controls, and intrusion detection systems, to fortify your defenses against future ransomware threats. Trevor makes the point to regularly review and update his incident response plans to adapt to evolving cyber threats effectively. You can also conduct penetration testing and vulnerability assessments to identify weaknesses in your IT infrastructure and remediate them promptly.

In addressing the rising threat of ransomware attacks, Trevor emphasizes the importance of proactive measures and decisive action. He advises, ‘When facing a ransomware attack, swift and decisive action is crucial. Isolate infected systems, assess the situation, and respond strategically to minimize damage and facilitate recovery.’

Add a Comment

No messages on this article yet

Editorial: +44 (0)1892 536363
Publisher: +44 (0)208 440 0372
Subscribe FREE to the weekly E-newsletter