Enterprise Options to Deal with Ransomware

In 2020, Accenture was hit by a ransomware attack, and the attackers demanded $50 million to not publish their data. The attack group known as LockBit claimed responsibility for the hack and said it exfiltrated six terabytes of Accenture’s data.

The stolen data, while concerning, may not be the most disturbing element of the attack. According to Heimdal Security, LockBit had “gotten access to the company’s network via a corporate ‘insider.’” The criminal group had been known to use corporate employees to execute their attacks, making the Accenture claim at least somewhat feasible.

Enterprises and Ransomware

While it goes without saying that organizations should do what they can to reduce the chances of an attack, whether from the inside or outside, the Accenture breach—and other similar enterprise breaches—raises questions regarding the best ways to manage ransomware incidents throughout the attack timeline. 

  • What are the best ways for an enterprise to deal with ransomware, especially in light of hybrid and remote work ecosystems? 
  • What are the do’s and don’ts that companies should consider? 
  • Can cyber insurance be a salve to soothe wounds in the aftermath of a breach?

How Enterprises Deal with Ransomware

Enterprises with thoughtful ransomware mitigation plans use a combination of prevention, protection, and incident response. Here’s a checklist of the basic measures proactive enterprises take to handle the ransomware threat:

Prevention and Protection

Damage has already been done once malware begins encrypting files. Even if a ransom is paid, some data will likely be lost—unless all files are fully restored from backups. Additionally, newer forms of ransomware exfiltrate and steal data before encrypting it, so even if the attacker promises to completely give up control over your data once you’ve handed over the money, there’s no guarantee your data will not end up for sale on the dark web.

The best method to combat the ransomware threat is prevention. Enterprises can safeguard their systems from ransomware using a number of methods, such as:

1. Phishing Prevention

One of the most common ways that ransomware is distributed is through phishing. Businesses should train staff members to recognize phishing attempts and how to respond appropriately, as well as implement anti-phishing tools to prevent harmful messages from ever reaching employee inboxes.

2. Patch Management

Some ransomware variants exploit vulnerabilities for which fixes are readily available. Make sure to promptly install updates and security patches to eliminate these vulnerabilities.

3. Anti-Ransomware Software

If ransomware infiltrates enterprise systems, you can limit the damage it can cause by identifying and eliminating it as soon as possible. To detect and remove ransomware before it can exfiltrate and encrypt critical data, anti-ransomware solutions should be installed on all company devices.

4. Access Management

With the popularity of remote and hybrid work, hackers are increasingly using stolen credentials and otherwise safe remote access programs to install and run malware. 

In a hybrid work environment, employees come into the office sometimes, and in a remote work setup, employees operate completely outside the office. When employees work outside the protected walls of the organization, criminals can easily hack their devices, especially if they don’t have adequate cybersecurity protection.

To prevent cyberattacks, enforce multi-factor authentication (MFA) throughout the organization and restrict access to sensitive areas of the network based on the principle of least privilege.

Incident Response

The impact and cost of a ransomware attack can be minimized with quick action, which means an organization must have an incident response team (IRT) and strategy in place to respond quickly and effectively. Responders should be careful to:

1. Remain Calm

While ransomware attacks can be frightening, it’s crucial to maintain your composure. Stick to the incident response plan, and take a picture of the ransomware note for law enforcement and your internal investigation team to study later.

2. Stop the Infection

Disconnect infected systems from the network as soon as you can to stop the spread of ransomware. Ensure the attacker isn’t hiding somewhere inside the network by tracing the attack chain. This involves ascertaining how they gained access and where they’ve been since breaching your network.

3. Defer Making System Changes

System changes could result in data loss if the change is a result of ransomware. Do not reboot infected computers, apply updates, or carry out any other maintenance on them until you’re sure your systems are no longer infected.

4. Don’t Connect Backups Until the Infection Has Been Completely Mitigated

Ransomware attackers will also attempt to infect backups to coerce businesses into paying up. Avoid connecting backups to compromised machines until the ransomware infection has been cleared—and the integrity of the backups has been confirmed.

5. Communicate with Stakeholders

You’ll need all the help you can get to successfully deal with ransomware. Get in touch with law enforcement or a company that offers reliable incident response services.
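One way to confirm backup integrity before reconnecting anything, as step 4 above requires (an added example, not part of the original article): compare the backup against a hash manifest recorded at backup time. It assumes the manifest and its HMAC key are stored away from the backup host and that the check runs from a clean machine; all function names, file names, and the key are constructed for illustration.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large backup files never load fully into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root: Path) -> dict:
    """Map every file under root (as a relative POSIX path) to its SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def sign_manifest(manifest: dict, key: bytes) -> str:
    """HMAC the canonical JSON form so a rewritten manifest is detectable."""
    body = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def verify_backup(root: Path, manifest: dict, tag: str, key: bytes) -> dict:
    """Authenticate the manifest first, then report how the backup differs from it."""
    if not hmac.compare_digest(sign_manifest(manifest, key), tag):
        raise ValueError("manifest failed authentication; do not trust it")
    current = build_manifest(root)
    shared = manifest.keys() & current.keys()
    return {
        "missing": sorted(set(manifest) - set(current)),
        "modified": sorted(n for n in shared if manifest[n] != current[n]),
        "unexpected": sorted(set(current) - set(manifest)),
    }

def demo() -> dict:
    key = b"constructed-demo-key"  # assumption: the real key lives off the backup host
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)  # constructed stand-in for a backup mounted read-only
        (root / "db").mkdir()
        (root / "db" / "customers.sql").write_bytes(b"constructed dump")
        (root / "hr.xlsx").write_bytes(b"constructed payroll")
        (root / "notes.txt").write_bytes(b"constructed notes")
        manifest = build_manifest(root)      # recorded at backup time
        tag = sign_manifest(manifest, key)
        # Constructed changes standing in for what an infected backup looks like.
        (root / "hr.xlsx").write_bytes(b"\x8f\x02 unreadable bytes")
        (root / "notes.txt").unlink()
        (root / "README_RESTORE.txt").write_bytes(b"constructed ransom note")
        return verify_backup(root, manifest, tag, key)

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Any entry under "missing", "modified", or "unexpected" means the backup set should stay offline and be investigated rather than restored.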

Dealing with Ransomware: Do’s and Don’ts

If you’re still planning your ransomware defense strategy, keep in mind the following do’s and don’ts:

Do’s

  • Make a plan for what to do in case of an attack: As technology advances, cybercriminals also advance their techniques to make them more potent. Prepare for an attack with the “not if but when” mindset.
  • Adhere to business continuity and disaster recovery (BCDR) best practices: Best practices for business continuity and disaster recovery are a core element of a strong response strategy. Have secure backups both offsite and in the cloud, and be sure to store backups separately because some ransomware strains can encrypt backup files together with primary data if they’re connected to the same network.
  • Educate your staff on how to practice good cyber hygiene and respond to an attack: Although there isn’t a one-size-fits-all ransomware preparedness strategy, getting your employees on board early is necessary. Cyber hygiene is everyone’s responsibility, so employee training is essential. Employees should know what to do if they believe a ransomware attack is taking place, such as disconnecting laptops from the network and informing network administrators about the issue right away.

Don’ts

  • Don’t wait too long to implement your crisis communication plan: The first step to mitigating a ransomware crisis is to inform customers, employees, vendors, and other stakeholders about the incident. Let them know what happened and how you’re addressing it, particularly how you’re protecting their data. The goal is to get them to remain calm and trust you’re doing everything in your power to resolve the problem. At this juncture, you can’t afford angry customers flocking to social media to air their frustration, as this may propel management and other decision-makers to give in to attackers’ demands before exhausting all other options.
  • Don’t avoid informing affected parties: Get law enforcement and cybersecurity experts involved as soon as possible, particularly if customer data has been compromised. Assess the extent of the damage, and make sure to move quickly to recover stolen data before you violate relevant data privacy regulations. 
  • Don’t pay the ransom or negotiate until you’ve tried everything else: Starting a ransom discussion should be your last resort.

Ransomware Settlements and Cyber Insurance: What to Know

Cyber insurance can cover the costs you incur as a result of a cyberattack and may help with the following:

  • Payment to attackers
  • Liabilities related to stolen customer data
  • Network repair

According to the latest ransomware data, the average ransomware payment has increased 71% from last year. In dollar terms, that’s $0.93 million. Therefore, getting cyber insurance is a good move, as it can help your company quickly get back on its feet after an attack. As experts explained in this video, ransomware settlement amounts will continue to go up as criminals diversify their operations and use more sophisticated attack techniques. 

Enterprises Can Gain the Upper Hand on Ransomware Attackers

Ransomware attacks can be devastating. By knowing what to do and not do—and using the appropriate prevention, protection, and incident response techniques—enterprises have a fighting chance. 

Given the right training and tools, employees can be your strongest defense against attacks, so make sure they’re aware of the dangers, as well as what to do if the company gets breached.