If you are dealing with a ransomware incident, you may be working under extreme pressure: the ransomware may still be encrypting files, and the attackers may have issued ultimatums, making the organization desperate to get up and running again.
Never attempt to resolve this in isolation; rather, ask for help, prioritize your actions, communicate clearly, and take care of every part of the organization.
Ransomware is made to prevent a user or business from accessing files on a computer. By encrypting these files and requesting a ransom payment for the decryption key, cyber attackers put businesses in a situation where paying the ransom is the quickest and least expensive option to recover access to their files.
Below are the 10 steps we suggest to assist with recovering from a ransomware attack, policy-wise.
Isolate Compromised System or Network – Limit the impact of the attack by isolating compromised systems or networks. Containing the attack should be your top concern, but if you can do so while also protecting evidence by keeping affected systems on, do it.
Determine the Attack Scope – Identify the systems and data types that are affected, then set recovery priorities, starting with the most important systems.
Inform Affected Parties & Stakeholders – Senior management, public relations, your legal counsel, insurance companies, vendors, and law enforcement are examples of stakeholders, and they should all be notified.
Seek Help – Think about enlisting the help of local and international law enforcement, vendors, or other third parties experienced in ransomware recovery.
Protect the evidence – Try to save any attack-related evidence you can with the assistance of law enforcement and other parties.
Identify the Type of Ransomware – This will help you determine whether a decryptor is available and provide information about the particulars of containment and cleanup.
Stop the breach – In the initial investigation, you need to identify any precursor malware or persistence techniques the attackers may have left behind.
Rebuild Systems – Use trusted system backups and images to restore crucial data. Be careful to keep affected systems apart from clean systems.
Upgrade, Patch, Reset – To stop the attack from happening again, reset passwords, patch and upgrade software, and implement any extra security measures that are required.
Make Note of Lessons Learnt – Ransomware is always changing. Make the most of what you’ve learnt from this attack to be better prepared for the next one.
I am very aware that a ransomware attack could be very devastating for a company, as well as when you are in the role of a CIO, CISO or even a CEO and your reputation just comes crumbling down. However, what you must know is that every day, everyone gets attacked, and there are attacks going on all over the world. It takes a company 100 times to stay safe, but it takes an attacker only one time to bring a whole company down.
So with that said, stay vigilant.
This article was written by Sylvester Uduosa Esq., a Cyber Security Analyst and founder of SLYTECH Entp., a cybersecurity firm based in Nigeria which assists companies and individuals with pentesting their networks and security, with the sole aim of discovering vulnerabilities before cyber criminals do and saving companies from losses that may be incurred as a result of such vulnerabilities.