A good security program will not only have preventive controls built in to stop ransomware attacks, but also reactive controls in place to deal with ransomware after the fact. Security teams must have a solid plan that includes all stakeholders across the organization so they can be proactive in preventing and responding to today’s ransomware attacks.
This piece explains some key preventive and detective controls for ransomware, as well as critical ransomware response techniques, financial considerations and stakeholder responsibilities necessary to mitigate ransomware’s effects across the organization.
This new age of ransomware attacks shines a light on a core, unsolved problem in many enterprises: unfettered lateral movement. To deploy ransomware where it will hurt, attackers must know where critical resources are on the network. To know that, they have to map the network.
This requires attackers to “move laterally” from one machine or server to another, often using different credentials they have stolen from various machines across the network or obtained through phishing. This is why most ransomware and security strategies focus on curtailing lateral movement.
Key controls to consider include:
Ransomware attacks often start with a phishing campaign. Attackers trick users into clicking malicious links or opening malware-laced attachments that enable them to compromise those users’ credentials and gain entry to the network. They then begin to search for ways to move laterally in the environment.
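A detective control for the lateral movement described above is to watch for fan-out: one account authenticating to many distinct hosts in a short window, or one workstation suddenly using many distinct accounts. The following is an added example (not code from the IANS post) that runs that logic over a handful of constructed logon records; the log format, the host and account names, the 10-minute window and the thresholds are all assumptions chosen for illustration and would need tuning to a real environment and log source.

```python
"""Toy lateral-movement detector over constructed logon events.

Added example, not part of the original post. The log format,
thresholds, host names and account names are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: "timestamp user source_host dest_host result".
# svc_backup touching six hosts in seconds, and WS-BOB using three accounts
# it never used before, are the planted lateral-movement patterns.
SAMPLE_LOG = """\
2023-09-19T09:00:01 alice WS-ALICE FS01 success
2023-09-19T09:05:12 alice WS-ALICE FS01 success
2023-09-19T09:07:44 bob WS-BOB FS01 success
2023-09-19T10:11:50 admin_jdoe WS-BOB FS01 success
2023-09-19T10:11:55 hr_share WS-BOB FS01 success
2023-09-19T10:12:03 svc_backup WS-BOB FS01 success
2023-09-19T10:12:05 svc_backup WS-BOB FS02 success
2023-09-19T10:12:08 svc_backup WS-BOB DC01 failure
2023-09-19T10:12:09 svc_backup WS-BOB DC01 success
2023-09-19T10:12:11 svc_backup WS-BOB SQL01 success
2023-09-19T10:12:14 svc_backup WS-BOB APP03 success
2023-09-19T10:12:20 svc_backup WS-BOB APP04 success
2023-09-19T11:00:00 carol WS-CAROL FS02 success
"""

WINDOW = timedelta(minutes=10)       # assumed sliding window
MAX_HOSTS_PER_USER = 4               # distinct targets one account may reach per window
MAX_USERS_PER_SOURCE = 2             # distinct accounts one source host may use per window


def parse(log_text):
    """Parse the constructed whitespace-separated format into sorted event dicts."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, src, dst, result = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "src": src, "dst": dst, "result": result})
    return sorted(events, key=lambda e: e["ts"])


def sliding_fanout(events, key_field, value_field, limit):
    """Flag each key_field value whose distinct value_field count inside any
    WINDOW-long span of successful logons exceeds `limit`.

    Returns {key: sorted list of every value seen in an offending window}.
    """
    hits = defaultdict(set)
    by_key = defaultdict(list)
    for e in events:
        if e["result"] == "success":          # only successful logons count as movement
            by_key[e[key_field]].append(e)
    for key, evs in by_key.items():           # evs are already time-ordered
        start = 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > WINDOW:
                start += 1                    # slide the window forward
            distinct = {x[value_field] for x in evs[start:end + 1]}
            if len(distinct) > limit:
                hits[key] |= distinct
    return {k: sorted(v) for k, v in hits.items()}


def detect_lateral_movement(log_text):
    """Run both fan-out checks and return their alerts."""
    events = parse(log_text)
    return {
        # one account reaching too many hosts (stolen credential being reused)
        "account_fanout": sliding_fanout(events, "user", "dst", MAX_HOSTS_PER_USER),
        # one source host using too many accounts (credential harvesting / spraying)
        "source_fanout": sliding_fanout(events, "src", "user", MAX_USERS_PER_SOURCE),
    }


if __name__ == "__main__":
    for check, alerts in detect_lateral_movement(SAMPLE_LOG).items():
        for key, values in alerts.items():
            print(f"[{check}] {key}: {', '.join(values)}")
```

Both checks deliberately ignore failed logons so that a single user mistyping a password does not trip them; in a real deployment the failure stream would feed a separate spraying check, and the thresholds would be baselined per account type (service accounts legitimately touch more hosts than interactive users).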
Additional ransomware warning signs include:
These are serious warning signs that should kick off a security incident response team (SIRT) response.
While it is impossible to define with precision the exact actions that must be taken in every situation, some activities can help reduce the attack footprint and/or minimize the damage of a ransomware attack (these are not necessarily in chronological order):
At the center of every ransomware event is the question of whether to pay the ransom. The following questions can help guide the decision:
We advise partnership with your legal department and law enforcement. Any engagement with threat actors should be done in collaboration with them and your incident response firm.
It’s important to note that recovering from ransomware requires additional investment beyond whatever the threat actor demands. You may need to rebuild systems and deploy additional security controls in the future. It is considered a best practice to rebuild, when possible, to ensure a malware-free system.
Here is a list of key stakeholders and their respective responsibilities during a ransomware event.
Compliance and/or internal audit
Handling ransomware properly is a daunting challenge. To increase your chances of success, focus on the following:
September 19, 2023
By IANS Faculty