Ransomware Attack Disaster Planning

Business Disaster Planning

When developing a business strategic plan in today’s new digital normal, make sure your SWOT outside environment threat analysis addresses the threats of ransomware attacks. Be sure to ask the following questions:

  • Who will your company contact once it suspects a ransomware attack?
  • How will you get the word out to employees and clients?
  • Where are all the backups located (3-2-1 rule)?
  • What happens if the hacker already found the backups?

It’s tempting to think the average cyber extortionist has bigger fish to fry than your small business. Small businesses may receive less attention but Secretary of Homeland Security Alejandro Mayorkas said during a U.S. Chamber of Commerce event in May, “50 to 70 percent of ransomware attacks are aimed at small and medium-sized companies”. Changes in business practices, accelerated by the pandemic, have left small businesses more vulnerable. In ransomware attacks, cyber criminals use malware to take over and encrypt a victim’s files and data, effectively holding the data hostage until they’re paid to release it. The recent surge in remote work was a golden opportunity for hackers, who took advantage of out-of-date VPNs and unsecured home networks.

Small businesses are attractive targets because they typically lack the budget and resources to prevent, identify, respond to, and recover from threats. There are, however, some simple methods that can help. Here are a few things you should know about ransomware:

  • Every industry is vulnerable.
    • No target has proved too small for hackers, who are constantly looking for new opportunities. Some criminals focus on specific groups for a while before moving to the next group. Just look at the recent past when hospitals, pipelines, government departments, etc. have been hit with ransom attacks.
  • Backup everything.
    • Practicing the 3-2-1 backup rule (keep at least three (3) copies of your data, and store two (2) backup copies on different storage media, with one (1) of them located offsite) is a common approach to keeping your data safe in almost any failure scenario. But don’t count on being able to return to normal right away — even companies with backup systems aren’t safe. Increasingly, thieves have been targeting backup systems, as well as entire devices.
    • A cloud-based backup may be a good option, since it keeps your data off-site and immediately accessible. But there are ways this option can backfire, such as if your malware-infected files sync to your cloud server. Cloud service providers also can fall victim to ransomware attacks.
    • If your business follows 3-2-1 Backup rule, then you can easily recover from a ransomware attack. However, the recovery point objective (RPO) and recovery time objective (RTO) are key. Following key questions should be considered during a tabletop exercise for this scenario:
      • How long does it take to get offsite backups on premise to start the recovery process?
      • Is the contact information and process to obtain offsite backups documented and available in paper format?
      • How often do we test offsite backups?
      • How long does it take to restore systems from backup?
      • Have we restored a service in the past from offsite backups?
  • Don’t forget to secure your remote workers.
    • Remote workers are sitting ducks for cyber criminals. Hackers can slip in through remote access entry points, including remote desktops and VPN access portals.
    • You should make sure your remote workers are trained to spot phishing attempts, use two-factor authentication, and download the most recent updates of security software. 
  • Have a disaster action plan for a ransomware attack.
    • Ideally, you should perform tabletop exercises, or a real-time simulation of a ransomware attack, so you’re not flying blind if your data is intercepted.
    • You can hire a cybersecurity firm to perform the exercises or do them yourself, but it will cost you either way.
    • Have your employees identify what went wrong, and fix any vulnerabilities in the system. These different threat scenarios (generated using a SWOT analysis) can help you improve your response plan and help the business develop that muscle memory around what to do in the event that one of the threats actually takes place. 
  • Accept the fact that you are almost guaranteed to lose some of your data.
    • A staggering 92 percent of ransomware victims who comply with the thieves’ demands don’t get all of their data back, according to a report from security firm Sophos.
    • Victims commonly pay the ransom to get access to a decryption key, which they can use to unlock and decrypt their data. But there’s always a chance that the key won’t work–and if it does, at least some of the data may be corrupted, in many cases irretrievably.
    • Even more worrisome, there’s a chance that the hacker may have installed spyware or other malicious software in your system. So although every situation is different, experts typically urge businesses not to give in to hackers’ demands. The best advice is to prepare for such attacks in advance and prevent them from happening.

For more about disaster planning, sign up for a free mentoring session.

Copyright ©John Trenary 2021

Leave a Reply

%d bloggers like this: