Industry Experts Reveal Best Practices for Reducing or Eliminating Harmful Impacts of Ransomware
TORONTO (May 27, 2020) – Asigra Inc., a leader in backup and recovery software that delivers comprehensive repository cyber protection, today highlighted a number of best practices proposed by providers of both preventative and responsive solutions for combating the financial ramifications of ransomware.
“Ransomware attacks are becoming more targeted, sophisticated, and costly, even as the overall frequency of attacks remains consistent,” according to a bulletin released by the Federal Bureau of Investigation. “Cyber criminals can take advantage of security weaknesses in widely used software programs to gain control of victim systems and deploy ransomware. For example, recently exploited vulnerabilities were discovered in two remote management tools used by managed service providers (MSPs) to deploy ransomware on the networks of customers of at least three MSPs.”
Industry experts often cite two categories of ransomware defensive approaches and solutions – preventative and responsive. Preventative strategies stop such attacks from succeeding in a way that would maintain business access to their data. Strategies in this area would include training employees about the proper handling of potential phishing emails, implementing the proper cybersecurity software to protect primary data and a second layer of security-enabled data protection on secondary storage to ensure the complete recovery of criminally encrypted data.
Responsive ransomware strategies include ransomware recovery experts (CYPFER Corp. for example) to minimize downtime and potential financial loss in the event an attack was successful. These measures also include a managed service provider to assist in finding all possible alternatives to return mission critical data to the customer. Additionally, it would also include a credible cyber-insurance provider at the company’s disposal to financially cover the event and address monetary damages.
Five best practices cited by experts in these areas include:
- Cultivate a security-aware culture: Educate and train employees on the dangers of phishing emails. Phishing is the number one method used by ransomware attackers because it is an effective means to access a target’s network.
- Backup files and protect backup data: Regularly back up data using a 3-2-2 methodology where three copies of data are stored locally on secondary storage; two additional copies of backup data are kept on different locally available mediums (devices); and two backup copies are stored offsite two remote locations, such as a remote facility or cloud-based platform. In the event the training and primary cybersecurity measures fail, ensure the backup data is protected as it will become the recovery technique of last resort should the network be impacted. This is effectively done with a backup solution that addresses ransomware Attack Loops™ by scanning for malware instream and as recovered data is returned to production, among other techniques.
- Secure the network environment. Keep programs and operating systems up to date, ensure servers are patched and updated, and securely restrict and limit system components and administration tools by granting users enough access or privileges to accomplish a task or run an application.
- Defend primary data: While there are an endless number of cybersecurity solutions available, choose solutions with an effective record of success and deploy accordingly to protect both traditional and remote workforce environments.
- Insure: Some ransomware payments have been reported to be in the millions. Organizations that have no other option but to pay the ransom, would be remedied by having a cyber insurance policy that covers the damage from such attacks. Having a policy that protects against such attacks and the resulting liability could mean the difference between continuing with operations or claiming bankruptcy.
Ransomware Response and Recovery
Should devices on a company network unfortunately fall victim to cyber attackers and it is critical that data be recovered, ensure that a ransomware recovery expert is part of the incident response team to negotiate the ransom demand with the threat actors and to try to reduce the financial impact. To mitigate the risk, the incident response team should investigate all the alternatives, such as recovering from back-ups, rebuilding server environments and deploying free decryption tools, or negotiating with the threat actors.
As a last resort, a company can direct the ransomware recovery expert to coordinate and direct the most suitable response to the specific threat, and if the decision is made to pay the ransom, negotiate and facilitate the ransom settlement on the victim’s behalf and procure the decryption tools required to restore data files.
“Paying ransom to cyber threat actors is not recommended, but sometimes it is a necessary response to ensure business continuity,” said Jason Kotler, Founder and President, CYPFER Corp. “In these cases, it is essential to negotiate and facilitate payment of the ransom in the proper cryptocurrency and to ensure that your data is unlocked, so that business services can resume as soon as possible.”
“The financial impact that ransomware can have on any organization is frequently devastating,” said Marc Staimer, Principal Analyst and President of Dragon Slayer Consulting. “If not properly prepared, damages can go beyond the payment of an exorbitant ransom which does not guarantee the de-encryption of data. It often also includes the loss of revenues from downtime, expensive third-party data recovery attempts, increases in future insurance costs, and reputational damage.”
“These time-sensitive events need to be addressed quickly. Whether for pre-attack preparation or post-attack emergency support, it is critical to have industry experts available,” said Eran Farajun, Executive Vice President, Asigra. “To provide some level of assurance, the five best practices and the experts referenced will provide the best chance of making it through one of these events.”
For more information on Asigra, please download a case study on cybersecurity-enabled data protection at https://site-files.asigra.com/files/case-study/pdf/pcs-trade-union.pdf.
Tweet This: @Asigra Presents Five Preventative and Responsive Best Practices to Mitigate Ransomware Damages – https://bit.ly/2N04LHu
To learn more about Asigra, visit:www.asigra.com
Follow Asigra on Twitter at: http://twitter.com/asigra
Trusted since 1986, Asigra technology is proudly developed in and supported from North America, providing organizations around the world the ability to quickly recover their data from anywhere through a global network of IT service providers. As the industry’s most comprehensive data protection platform for servers, virtual machines, endpoint devices, databases and applications, SaaS and IaaS based applications, Asigra lowers the total cost of ownership, reduces recovery time objectives, and eliminates silos of backup data by providing a single consolidated repository with 100% recovery assurance and anti-ransomware defense. The company has been recognized as a three-time Product of the Year Gold winner by Techtarget for Enterprise Backup and Recovery Software and positioned well in the market by analysts. More information on Asigra can be found at www.asigra.com.