The advancement of technology and the internet has benefitted businesses and people around the world. But the downsides of technology, hacking, and cyber-attacks have raised questions about digital safety. The recent streak of ransomware attacks on large-scale companies like Colonial Pipelines and JBS has terrorized the United States.
The Cyber Security and Infrastructure and Infrastructure Agency (CISA) and Multi-State Information Sharing and Analysis Center with combined efforts produced a Ransomware Guide. The guide focuses on two phases; measures to prevent ransomware and post ransomware activities.
Practices and investments related to security are in place both from the government and companies. However, the attacks are inevitable. Still, anyone ranging from government agencies to personal business organizations can fall short in securing their system from hackers. Nevertheless, one should always be prepared to act accordingly in such circumstances and efforts centralized on loss minimization.
Let’s take a look at some counter practices for a ransomware attack
Identify and isolate the affected
As soon as the attack or any suspicious activities appear in the system, the company should act fast to identify and locate the source of infection. The IT team needs to isolate the impacted networks, subsystems, and devices immediately. Delay in isolation could lead to the spread of infection to other networks and devices.
Shut down the system
Sometimes identifying the source of infection can be challenging and take time. In such a scenario, the company may need to take down the whole system offline to avoid further transmission of attack between the network devices. However, this action can erase the evidence that may be essential for Cybersecurity agencies. The evidence may include but is not limited to malware samples, encrypted data, scripts, or code executed by the malware or attackers, the associated email address used to break into the system, ransom demands, and so on.
Change administrative login details and rights
Ransomware can gather critical data such as login credentials. If the hackers get their hands-on administrative accounts, they can authorize high-level actions. The hackers can wipe out the backups or change the credentials and deny access to the system thereby worsening the situation. Hence, it is good to change administrative and user credentials to secure the system and the backups that will assist in the recovery.
Avoid negotiations or contact with the attackers
The hefty ransom asked to unlock the system sometimes is deemed as a quick and inexpensive resolution compared to the time and resources required for legal recovery. Nevertheless, surrendering to one attack opens doors for many. The hackers after knowing the weakness may increase the ransom as well. Besides, there is no guarantee that they will release the system after they receive the ransom. So, we strongly advise you not to even initiate a conversation or reply to the threats. Doing the opposite will just encourage the attacker to continue persuasion.
Communicate the problem
Awareness is essential. it is the duty of the concerned body of the company to notify the employees about the attack, especially the IT security team. The company should stick to documentation that covers the attack from all angles which will be a reference for acting on similar future attacks. In addition, the company should immediately inform National Cyber Security Agencies.