Operating in a space fraught with innumerable risks and increasingly sophisticated attackers, no single information security practitioner is expected to know what to expect at all times and how to respond to any given event. That is why having a trusted resource to rely on for advice is key.
Our team of Faculty serves as that resource.
Through their direct interactions with our clients as part of our Ask-An-Expert service, our Faculty members are attuned to the top concerns of security practitioners. Unsurprisingly, ransomware has emerged as an area of particular interest where security leaders and their teams often engage our Faculty for guidance.
If you're unsure about how your organization might respond to a ransomware attack, you're not alone. In this piece we provide insight into what other security teams want to know about responding to ransomware attacks, based on the questions they ask our Faculty.
Questions About Responding to Ransomware
Even with an established ransomware prevention strategy in place, the potential for a successful ransomware attack remains. In the event your organization is faced with a severe incident, knowing how to respond is vital to recovery - as is evident in the following questions security teams posed to our Faculty.
- If a ransomware attack happens, what should we publish to consumers and when should we contact the FBI?
- Asking for input on the ransomware incident response book we're working on, including best practices for adapting it to other threat scenarios, whether to take systems offline (even those not confirmed to be infected) and the level of detail the plan should contain.
- How often do ransomware gangs successfully unlock data once the ransom is paid? Also, if a company's external legal and security firm decides to make a payment, could you be prosecuted as a company? What should we do if our business is locked up? In addition, are there different malware families that have a better reputation regarding decryption?
- Seeking guidance about containing, eradicating and recovering from ransomware, particularly from a disaster recovery perspective. What are other organizations doing and what are best practices?
- What can our company do following a ransomware attack? Do we need a crypto account?
- Seeking guidance and best practices around ransomware recovery for a mature, enterprise-level organization.
- Looking to discuss the business and recovery side of ransomware and learn about the threat actors, all with a focus on telecommunications and utility companies.
- Can a Faculty member review our new ransomware response procedure?
- What are the best recovery methods after a ransomware incident, specifically strategies to protect backups? How can we identify safe backups for servers and desktops, safely restore from backup and test strategies for recovery processes before attacks?
- How do other organizations handle the architecture, backing up and recovery of their data on-prem and in the cloud following a ransomware event? We are evaluating Rubrik and Veeam but would like to hear what other vendors we should consider. What do we need to have in place to ensure a speedy recovery and minimal impact? How quickly can we perform the forensics to find when the data was breached? What role does data classification play in this space?
Ransomware Response Resources
As part of our Ask-An-Expert service, questions like the ransomware response questions featured here are personally addressed by a dedicated member of our Faculty, whether through a phone conversation or a detailed written response. Access to our Faculty is unlimited and can vary in scope to address the specific needs of a particular security project or program.
Do you have questions about a particular security project or program initiative? Get in touch with IANS to learn more about how our Faculty can serve as a clear-headed resource to help you and your team.
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in connection with such information, opinions, or advice.