Ransomware attacks are a question of when, not if, and your business needs to be prepared
If you store business data digitally, odds are good that you’re eventually going to get hit by a ransomware attack. The sooner you accept that, the sooner you can move on to the critical question: What do I do to prepare? Here’s how to position yourself for the best possible ransomware incident response.
Every Business Is a Target
More than 8 in 10 ransomware attacks hit small and midsize businesses. Why? Because they’re big enough to be worth the risk but not quite big enough to have invested in cutting-edge security. That’s especially true if the company isn’t in the tech sector, which tends to be more security-minded.
Think of these ransomware guys as neighborhood crooks. When they’re roaming the streets deciding where to break in, the posh gated community with security staff and more cameras than trees is too much work to crack. On the other hand, the cramped apartments with boarded-up windows can’t pay enough to be worth the risk. But the single-family homes with standard locks? That’s the sweet spot.
Why Don’t We Hear About More Attacks?
There were more than 600 million ransomware attacks in 2021, so why do so few make it to the news? Simple: Companies don’t want you to know when they’ve been hit. If news of the attack were to get out, their customers, clients, and partners would all lose faith in them. That could have a catastrophic effect on their market value, as it did when Clorox went public with news of its attack in September. Plus, going public flags the business as potentially vulnerable to future attackers.
If a company can handle an attack without the public ever finding out, it almost always will. (Even though sharing that info could help the entire industry stay safe.)
How to Execute Ransomware Incident Response
Let’s get one thing out of the way: There’s no magic to ransomware incident response. The best-case scenario requires thinking ahead (more on that later). If you get hit before you’ve taken the right precautions, all you can do is contain the damage.
Step One: Quarantining
When you learn you’ve been hit, the first thing you should do is revoke system access from anybody outside your company. Then, you can quarantine your existing systems to prevent any further network communications. The bad guys are in now; don’t let them dig their claws in any deeper.
Step Two: Find a Clean Backup
Most breaches happen long in advance of when the attack is triggered or discovered. The bad guys will sneak something into your system, let it sit there, and then all of a sudden it will activate. That lag between the breach and the attack could mean your backups are compromised going back further than you expect.
If you’re going to restore your business to working order, you need to bring a completely clean copy of your data into your systems after they’ve been re-secured. Go back through your backups in reverse chronological order, newest first, scanning each one for vulnerabilities. The more recent your clean backup, the better, because all the business you’ve done since will be jeopardized or lost. You’ll have to rebuild everything from that backup on, which is almost impossible to do. That’s a huge part of why ransomware kills so many businesses.
Step Three: Find New Infrastructure
Once you’ve found a clean backup, you’ll need to plug its data into new, clean infrastructure. Many public cloud vendors will provide that infrastructure. Other companies have secondary systems of their own for disaster recovery. If you’re in that group, it is absolutely essential that you make sure your backup site didn’t also get hit.
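The newest-first backup search from Step Two, as an added example (not Roundstone's or any vendor's code): it flags snapshots that contain a ransom note or plain-text file types that look encrypted, and returns the newest snapshot with neither. The snapshot layout, indicator names and entropy threshold are assumptions, and the check sees only visible damage, so a dormant implant still calls for a real malware scan of the chosen backup.

```python
import math
import tempfile
from collections import Counter
from pathlib import Path

# Assumed indicators, constructed for this example (not from the article).
NOTE_NAMES = {"how_to_decrypt.txt", "readme_restore.txt"}
PLAIN_TYPES = {".csv", ".json", ".log", ".sql", ".txt"}  # should never look random
ENTROPY_LIMIT = 7.5  # bits per byte; ciphertext sits close to 8.0

def entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def suspicious_files(snapshot: Path) -> list:
    """List files in one snapshot that look like ransomware output."""
    hits = []
    for f in sorted(p for p in snapshot.rglob("*") if p.is_file()):
        rel = f.relative_to(snapshot).as_posix()
        if f.name.lower() in NOTE_NAMES:
            hits.append(f"{rel}: ransom note name")
        elif f.suffix.lower() in PLAIN_TYPES:
            with f.open("rb") as fh:
                sample = fh.read(65536)  # the first 64 KiB is enough to judge
            if entropy(sample) > ENTROPY_LIMIT:
                hits.append(f"{rel}: looks encrypted")
    return hits

def newest_clean(root: Path):
    """Walk snapshots newest first; ISO-dated names sort chronologically."""
    for snap in sorted((d for d in root.iterdir() if d.is_dir()), reverse=True):
        if not suspicious_files(snap):
            return snap.name
    return None  # every snapshot shows damage

def demo():
    """Build three constructed snapshots; the two newest are damaged."""
    ciphertext_like = bytes(range(256)) * 16  # stand-in data, entropy exactly 8.0
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for day in ("2024-03-01", "2024-03-02", "2024-03-03"):
            (root / day).mkdir()
            (root / day / "orders.csv").write_text("id,amount\n1,100\n2,250\n")
        (root / "2024-03-02" / "ledger.sql").write_bytes(ciphertext_like)
        (root / "2024-03-03" / "HOW_TO_DECRYPT.txt").write_text("pay us")
        return newest_clean(root)
```

Calling `demo()` returns the name of the oldest snapshot, the only one without a ransom note or an encrypted-looking file.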
Should You Pay the Ransom?
It’s the $1 million (or more) question: Should you pay what the bad guys demand? If you do, you may be able to get your systems up and running pretty quickly. The problem is, you won’t know if they’re clean. The bad guys could easily have left something else exploitable in the system that they can set off again six months down the road, and then you’re back at square one.
The best approach is to look at the numbers. How much value are you losing to this outage? If you’re losing $2 million per day and they’re asking for a $3 million ransom, it may be worth paying because the business disruption would outstrip the payment. Either way, you’ll need to reset all your systems to zero and go through reinstalling everything.
How to Prepare for Ransomware Incident Response
Up until recently, companies thought if they spent enough on security products, they would be safe. But this only works for so long. Cybersecurity experts are constantly trying to stay a step ahead of bad actors, and most of the time, they do. But the bad guys only need to be right once to get in. And one day, they will. That’s why cybersecurity is never a static situation. You can never think, “I’ve done this one thing; now I’m set forever.” You are not.
But you can come close. How? With a Software-as-a-Service third-party data isolation and recovery solution. Here’s how it works: Every day, your vendor makes a backup of all your data. It encrypts that data and stores it in data stores in the public cloud. No one on your team can access it without going through the vendor. That results in an isolated and immutable backup of your critical business data.
This is key to ransomware incident response because attackers who break into your system and try to ransom your data no longer have power over you. You can just restart your apps on clean infrastructure, pull the data from your backups, and continue business as usual. The bad guys would need to hit both your system and the vendor’s simultaneously, which is all but impossible. That means your data stays hidden and protected.
Stay Safe With Roundstone
These SaaS security solutions are relatively new. They’ve only gained traction over the last two or three years, and not everyone has caught up yet. But here at Roundstone Solutions, we’re on the cutting edge of cybersecurity. We can connect you with vendors such as Cohesity, whose FortKnox software can help keep your data secure even in a ransomware attack. To find the right security solution for your business, contact us today.
Tim Joyce, Founder, Roundstone Solutions