Dramatic changes to work operations in response to the COVID-19 pandemic left many organisations vulnerable prey for ransomware attacks.

The threat is evolving rapidly and can now topple businesses. It is also growing more complex, with organised teams of cyber criminals working to take advantage of those who are unprepared.
In response to such a threat, Booz Allen highlights six methods of avoiding paying a ransom and measures to reject the extortion.
- Ransomware is duress: Modern cyberattacks are able to leverage more than just encrypted files. Leaks to the media, pressure on external aspects of the business and personal threats to individuals allow ransomware attacks to cripple businesses and gain the highest ransom. If a company has the means, making a payment to suppress the public disclosure of sensitive information should be done in a timely fashion to avoid the countdown clock set by cybercriminals.
- Turning the odds against extortionists: Combining crisis management planning, business continuity and disaster recovery planning is essential to solid ransomware resilience. “The solution counters each point of leverage an attacker can impose with an objective to recover with speed and efficiency, without contributing to the extortion cycle,” Booz Allen says.
- Crisis management: A strong crisis management plan allows for the alleviation of pressure points, building an understanding of an appropriate communication hierarchy. Ensuring that the crisis management approach is repeatable will allow for stronger defences and provide a framework for responding to attackers.
- Business continuity: “Attackers will intentionally create an environment where it appears that paying for a decryptor is the only viable option in restoring critical systems and applications needed to run the business. A BCP will help the victim company through that analysis, as it finds alternative ways to manage critical processes during an attack.”
- Disaster recovery: To be implemented alongside a BCP, a disaster recovery plan will provide a guide to ensure containment and eradication as well as restoration in the event of an attack. Factors such as designated duties, times, order of operations and prioritisation of critical assets will limit interruption and effects of the attack.
- Preparation: Board level engagement regarding ransomware readiness has never been higher, according to Booz Allen, with cyber resilience becoming an integral part of business strategy. Those that are prepared to effectively weather disruptions are most likely to minimise the effects or prevent them in the first place.
“There is a good possibility that most organizations will face the pressure of a ransomware demand at some point during their continued operations. Having an integrated business continuity plan that is continuously stress-tested and updated can help reduce or even eliminate the pressures ransomware attacks create,” says Booz Allen.