A good security program will not only have controls built in to prevent ransomware attacks, but also reactive controls in place to deal with ransomware after the fact. Security teams must have a solid plan in place that includes all stakeholders across the organization to be proactive in preventing and responding to today’s ransomware attacks.
This piece explains some key preventive and detective controls for ransomware, as well as critical ransomware response techniques, financial considerations and stakeholder responsibilities necessary to mitigate ransomware’s effects across the organization.
This new age of ransomware attacks shines a light on a core, unsolved problem in many enterprises: unfettered lateral movement. To inject ransomware, attackers must know where critical resources are on the network. To know that, they have to map the network.
This requires attackers to “move laterally” from one machine/server to another, often using different credentials they’ve stolen from various machines across the network or through phishing. This is why most ransomware and security strategies focus on curtailing lateral movement.
Key controls to consider include:
Ransomware attacks often start with a phishing campaign. Attackers trick users into clicking malicious links or opening malware-laced attachments that enable them to compromise those users’ credentials and gain entry to the network. They then begin to search for ways to move laterally in the environment.
Additional ransomware warning signs include:
These are serious warning signs that should kick off a security incident response team (SIRT) response.
While it is impossible to define with precision the exact actions that must be taken in every situation, some activities can help reduce the attack footprint and/or minimize the damage of a ransomware attack (these are not necessarily in chronological order):
At the center of every ransomware event is the question of whether to pay the ransom. The following questions can help guide the decision:
We advise partnership with your legal department and law enforcement. Any engagement with threat actors should be done in collaboration with them and your incident response firm.
It’s important to note that recovering from ransomware requires additional investment beyond what the ransomware threat actor demands. You may need to rebuild systems and deploy additional security controls in the future. It is considered a best practice to rebuild, when possible, to ensure a malware-free system.
Here is a list of key stakeholders and their respective responsibilities during a ransomware event.
Compliance and/or internal audit
Handling ransomware properly is a daunting challenge. To increase your chances of success, focus on the following:
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in connection with such information, opinions, or advice.
February 29, 2024
By IANS Research