A common threat within cyberspace is Ransomware (RW). This threat is not new and seems to be increasing almost daily which is not good news for businesses, organisations (orgs) and individuals.
As a cybersecurity specialist, Gurpreet Thathy (GT) remembers the first RW attack he investigated where the laptop was encrypted; however, you could restore your data using the Volume-Shadow-Copies installed on the computer in case of a malfunction. From there, attackers started to either destroy them or encrypt them as well. As RW attacks have evolved, so has the need to back-up (BUp) your data. In GT’s experience, virtually all attacks attempt to destroy or encrypt BUp repositories and your current infrastructure.
Without these BUp’s, which can be used as a fast recovery from the attack, orgs have no real alternative but to ‘pay the ransom.’ Valkyrie is keen to raise awareness – some advisory steps:
- Protecting your BU: in our experience and through no fault of their own but usually due to lack of awareness, clients keep BUp’s on the same infrastructure or domain as their live data. In such cases, the BU gets encrypted along with the live data. Keeping them offline and inaccessible via the network is the best strategy. Depending on the infrastructure and accessibility physically, it is best to keep it air-gapped and offline.
- Regular BUp’s: ensure that regular BUp’s are conducted on your infrastructure and that BUp’s are checked frequently to ensure continuity and maintenance.
- Accessibility of BUp’s: ensure that the IT/Security dept is well versed as to where the BUp’s are located, and they can access the data if required.
- Crisis Management Exercises: org’s should have crisis/continuity processes and procedures (P&P) in place; however, they are unlikely to have exercised cyber specific scenarios should they occur.
-Who gets involved?
-Who do call externally as well as internally?
-Is there a legal element involved?
-Who needs to be informed, and is there any obligation to report the incident to the ICO?
These are just a few questions that need to be answered accurately and as quickly as possible. Along with P&P’s exercising (‘war gaming’) such scenarios will greatly assist everyone and enable orgs to deal with the issue in a controlled manner and return to business-as-usual ASAP.
If you require advice or assistance in regard to BUp’s or training, we’d be more than happy to discuss – E: email@example.com | T: +44 (0) 2074 999 323