One cybercrime is reported every six minutes in Australia, with ransomware costing Australians upwards of $3 billion in damages yearly. Preventative strategies mitigate the risk of your business experiencing these repercussions. From risk assessment to incident response, this guide will provide a comprehensive overview of ransomware protection and actionable steps for preparation and response.
Understanding ransomware
Ransomware is malicious software that blocks access to systems or encrypts data until the victim pays a ransom in exchange for a decryption key. Typically, cybercriminals demand payment in cryptocurrency, which makes the transaction challenging to trace. Ransomware disrupts business operations by rendering critical data and systems inaccessible, leading to financial loss, operational downtime, and damage to the organisation’s reputation. Beyond the immediate impact, a ransomware attack also results in data breaches where cybercriminals expose or sell sensitive information on the dark web.
Ransomware has become a constant threat, with cybercriminals often developing and deploying new tactics to bypass security measures and infect systems. Criminals initiate attacks through many vectors, including phishing emails, malicious websites, and unsecured networks.
Source: ASD.
Preparing for ransomware attacks
The following steps put your business on the path to prevent attacks and prepare for the worst.
Risk assessment
Start with a thorough risk assessment to identify vulnerabilities. Your organisation will need to understand the critical assets that need protection, evaluate existing security measures, and recognise the potential impact of a ransomware attack on business operations.
Implementing cyber security measures for ransomware protection
Following the Australian Cyber Security Centre’s (ACSC’s) Ransomware Prevention Guide, four lines of defence are worth implementing into your security strategy. These include:
- Regular updates: Keep your systems, software, and applications current. Implement timely updates as cybercriminals often exploit known vulnerabilities.
- Antivirus and anti-ransomware software: Use reputable antivirus software that includes anti-ransomware features. Keep it active and updated.
- Access controls: Implement strict access controls to limit who can access sensitive data and systems. Ensure that no one in the organisation can access information that they do not need for their job.
- Multi-Factor Authentication (MFA): Enable MFA to add an extra layer of security. This requires users to provide two or more verification methods to access accounts.
Employee training and awareness
Regularly train your employees on cyber security best practices to prevent ransomware attacks. Educate them on recognising phishing emails, avoiding suspicious links, and reporting potential security incidents.
Data backup strategies
Regularly backup data to onsite and offsite locations. Backups should be encrypted and kept separate from your main network. Periodically test backups to ensure data integrity and quick restoration during an incident.
Incident response plan
Develop a comprehensive incident response plan detailing the steps required during a ransomware attack. This plan should include roles, responsibilities, communication protocols, and recovery procedures.
Responding to a ransomware attack
The above points will strengthen your defences, but they cannot make you immune to an attack. In the event of an incident, we recommend preparing for the following steps.
Immediate actions
Disconnect infected devices: Immediately isolate infected devices from the network to prevent ransomware from spreading.
Record details: Document details of the attack, such as ransom notes and any new file extensions, to assist in the recovery process and potential investigations.
Assessing the situation
Evaluate the extent of the infection and determine which systems and data the cybercriminals compromised. Consult cyber security experts to assist with the assessment and provide guidance on the best course of action.
Communication strategies
Communicate with stakeholders, including employees, customers, and partners. Provide clear information about the attack, the steps to address it, and any potential impact on services. Inform your cyber insurer, as many policies state that you must inform your insurer of an attack.
Decryption and recovery
If you have secure backups, restore your data from these sources. The ACSC advises against paying the ransom, as there is no guarantee that you will regain access to your data or that the attackers will not target you again. Use reputable decryption tools and consult with cyber security professionals for additional recovery options.
Legal and regulatory considerations
Report the ransomware attack to relevant authorities, such as the Office of the Australian Information Commissioner (OAIC). The Notifiable Data Breaches (NDB) Scheme mandates that organisations must report incidents if someone could experience harm as a result of stolen data. Reporting incidents will also help the relevant authorities investigate and prevent attacks from impacting others.
Post-incident review and improvement
After resolving the immediate threat:
- Conduct a thorough review of the incident.
- Identify what went wrong, what was done well, and how to improve your defences to prevent future attacks.
- Update your incident response plan based on these learnings and continue to educate your team on cyber security best practices.
For more detailed insights on the latest in cyber security measures, we invite you to join our webinar on bouncing back from a cyber attack. The webinar will provide valuable information on how to build resilience and respond to cyber threats like ransomware.
Conclusion
Proper preparation and response can mitigate ransomware’s impact. Research from the ASD highlighted that during the 2022-23 financial year, nearly 94,000 cybercrime reports were submitted (an increase of 23% from the previous year), reinforcing the growing prevalence of these threats. By following the guidelines outlined here, you can enhance your organisation’s resilience against ransomware attacks.
Adopting good cyber security practices, such as regular system updates, strong access controls, MFA, and comprehensive backup strategies, can reduce the risk of ransomware attacks. Investing in a water-tight cyber security infrastructure and staff training helps maintain a secure and resilient business environment.
Netier can guide your preparation and response strategy
Our team will collaborate with you to build a robust preparation and response strategy to protect from the fallout of a ransomware attack. We will help you build a multi-layered cyber security strategy that combines proactive controls to prevent an attack and reactive measures should an incident occur. Visit our Cyber Security and Managed IT page for more information and to contact us.
Related Blogs
Your guide to building cost-effective cyber security that meets business goals
Does your cyber security strategy include the human factor? Cyber security for small businesses: Developing a proactive defence plan