5 Mistakes Businesses Make When Responding to Ransomware

27
5 Mistakes Businesses Make When Responding to Ransomware

As ransomware attacks become more common and intense, one thing is becoming crystal clear: businesses can do more to protect themselves. Unfortunately, the majority of businesses are failing to deliver. Most of the victims are given ample warning of potential vulnerabilities, but they are poorly equipped to recover once they have been attacked.

According to the 2019 Verizon Data Breach Report, ransomware is the second most common malware attack after (C2) attacks – and events in 2020 have further contributed to an increase in such attacks.

The number of cyber-attacks and ransom demands has steadily increased in 2021. According to a 2020 research report from VMware, attacks have increased by 148 percent as a result of increased remote work during the pandemic.

Also Read: Four Common Biases CISOs Need to Avoid

The following are some of the most common ransomware responses mistakes made by businesses.

Containing malware isn’t enough

Before taking the critical step of ensuring the malware does not spread further, many organizations focus on how to recover the encrypted data.

The first mistake businesses make is failing to ensure that the original attack vector has been entirely destroyed, as well as doing a root cause analysis to determine how it began and validate that it is not spreading. Businesses should ensure that their surroundings are clear to avoid being a victim of the same attack twice and having to pay a double ransom.

Lacking a well-thought-out response strategy

An incident response plan should be established well ahead of time to cover all the steps a security team should take as soon as they are aware of an attack. It should also identify key stakeholders who need to be contacted.

Lack of proper incident response mechanisms leads to rash actions, which exacerbates the problem. Since no organization is immune to ransomware attacks, it is vital to plan beforehand.

Having backups in inconvenient locations

Ransomware groups are increasingly scouring networks for backups and destroying them before launching their attacks. Businesses can find themselves with no backups if backups aren’t saved appropriately.

Companies believe that restoring from backup will allow them to recover all of their data without paying the ransom. Unfortunately, because backups should be stored off-site and not linked to the network to be free of infection, this isn’t always the case. It can also take a long time to recover each and every individual device, depending on how many systems have been affected.

Making negotiation mistakes

Whether or not to negotiate the ransom price, like paying the ransom, is a contentious issue. If a company decides to pay, the amount should be negotiated as soon as possible. Attempting to negotiate a payment price for a decryption key has historically backfired for organizations. As a result, ransomware operators raise their prices by twice as much as they were before. Negotiation, or at the very least employing an outside business that specializes in dealing with these types of situations, is recommended by experts.

Also Read: The Threat Landscape in 2021 – Defending Against Big Game Hunting

Going it alone

While some companies are able to handle attacks on their own, many should keep a third-party incident response service on retainer to call in when needed.

Dealing with an attack is likely to be difficult unless a company has well-developed systems and a sizable security team. If they are a victim of one of these attacks, industry experts always advise contacting an experienced IR provider, because those companies would have dealt with dozens or hundreds of similar situations.

As a punishment for attempting to circumvent them, the attacker can return with new ransomware and a larger ransom fee. Data access is simply one piece of the puzzle. In order to successfully overcome a ransomware assault, in the long run, the system should be remedied and defenses should be strengthened.

For more such updates follow us on Google News ITsecuritywire News