What do ‘Wentworth Golf and Country Club’, the ‘UK Research and Innovation (UKRI)’, ‘Serco’ and ‘Acer’ have in common?
They were all ransomware victims in the last year! In the ransom note addressed to Serco, the attackers apparently claimed: “We’ve been surfing inside your network for about three weeks and copied more than 1TB of your data.”
What is Ransomware?
Ransomware comes in several types and varieties, including crypto, locker, extortion, and ransomware as a service (RaaS), and they are not all the same.
Crypto ransomware encrypts files, scrambling the contents and making them unreadable. A decryption key is necessary to restore the files to a readable format. Cybercriminals then issue ransom demands, promising to decrypt data or release the decryption key once demands are met.
Locker ransomware doesn’t encrypt files but completely locks the victim out of their system or device. Cybercriminals then demand a ransom to unlock the device. Generally speaking, it’s possible to recover from or avoid an attempted crypto attack if a good backup is available. But a locker ransomware attack is harder and more expensive to recover from. Even with backed-up data, the device must be replaced entirely.
The basic objective of a ransomware attack is to extort money. But organisations can refuse to pay, especially when they have a good backup and recovery system in place. Unsurprisingly, attackers have begun using a new technique in recent years called double extortion, in which data is both encrypted and exfiltrated. If the company refuses to pay, hackers threaten to leak the information online or sell it to the highest bidder.
And it gets a whole lot worse. As devastating as double extortion ransomware sounds, security experts are warning of a bigger threat: triple extortion ransomware. Attackers demand money from affected third parties, in addition to extracting data and demanding ransom from the initial target.
Ransomware Attack – What To Do – Restore and Recovery
Could your business run without its governance in place, or without its reporting data for regulators or tax authorities? If yes, for how long?
The average downtime after a ransomware attack is 21 days. If you pay the ransom, it might take several additional days to receive the decryption key and reverse the encryption. Paying the ransom is not really an answer: around 13% of companies do, but they often don’t get the unlock code and have to rebuild their files from the ground up. Of the organisations that paid the ransom and got the unlock keys, on average only 65% managed to get their encrypted data restored. For another 29%, more than half of their stolen data remains encrypted. This means it’s extremely unlikely you’ll get all of your data back, even if you pay.
Be aware that some ransomware variants identify and destroy backups on the compromised network. If backups have been destroyed or encrypted, the recovery process can become more complicated. But even if backups are usable, recovery could still be a lengthy process, depending on the type of backup and recovery system you have in place.
Whether you pay the ransom or attempt to recover data yourself, plan for the entire recovery process taking several days. Plan as well for some degree of financial loss, whether it comes in the form of ransom payments, incident response costs, or lost revenue due to downtime.
What Happens If You Don’t Pay the Ransom?
You may look to leverage backups that reside on secondary storage, but they aren’t readily accessible. This slows time to recovery. Additionally, you must run forensic analysis to find the attack origins to ensure you don’t restore a corrupted backup.
The risks you run are:
Risk of reintroducing malware from backups: Backups have to be cleaned before recovery, or you risk reintroducing malware into the system as part of the recovery.
Costly downtime: Right away, it’s looking like recovery point objectives (RPOs) and recovery time objectives (RTOs) won’t be met. IT resources are diverted as purpose-built data-protection infrastructure gets over-stressed by the weight of the attack.
Missed SLAs: With networks and critical apps out of commission, SLAs are missed. This isn’t just an IT problem, it’s a business problem—resulting in lost customer confidence and lost revenue.
What’s The Answer?
Ransomware Attack Prevention
We provide this for non-financial services companies too.
Using our secure document portal, you have many benefits:
The hackers do not have access to the files we hold.
You can download or replace any of the documents at any time.
We can digitise your Compliance Monitoring Plan and simply upload your results – even your risk register; it’s all auditable.
Unlimited users (view only) with full activity tracking and version control.
You can store additional documents needed for regulatory or tax returns (docx, pdf, images, etc.).
You can download the documents to place on your server after rebuilding it, or keep them separate as a single version of the truth.
We can also provide an alert service giving you 90 days’ warning of a document (or policy) expiring, so that it can be reviewed and reissued.
You Automatically Get:
Document expiry reminders
Unlimited permissioned users
Custom document tagging
In-system notifications
Secure and Reliable Visibility – What We Offer:
Having the most up-to-date version of a document is not enough. Version control and user access tracking are essential aspects of proving compliance.
User activity log
Backup and virus scan
Document revision history
Encryption of all files
Full Online Support
You’re not alone. Our dedicated support site contains video and text help to assist with any issues you may run into.
Log in to submit a support ticket 24/7
Submit and review new feature requests
We will look after your top 10 documents for free. No charge. Gratis. More documents at additional charge from £50 per month. Over 500 documents is POA.
See our page https://complianceconsultant.org/stop-sending-and-start-sharing/ for more details.