CS Nov-Dec 2022

ansomware
Steve Forbes, Nominet: paying a ransom
could make your business a bigger target
in the future.
Sam Curry, Cybereason: with ransomware
attacks surging, the clock starts to
immediately tick after ransomware has
executed.
lapse in judgement or concentration by
a user who fails to spot a fake email, but
also whether to pay or not is a decision only
management can make. In the latter case,
most people's natural reaction is likely to be
to try to tough it out and pray that the IT
team can get things back up and running.
Unfortunately, the hackers have thought
of that and typically built in the ticking
timebomb factor, increasing pressure to
cave in and pay up while there is still time
for damage limitation," he says.
In such situations, the management team
finds itself between the proverbial rock and
the hard place. "Stand firm and risk not just
losing their entire OT systems, including
business critical files and corporate data, but
also the indirect costs, such as reputational
damage and any incurred customer liability
costs; or take the hit and move on as quickly
as possible."
In the end, adds Oakton, it all comes down
to a simple cost/benefit decision, which
usually means taking the least-worst financial
impact option and giving in to the hacker's
demands.
"For its victims, ransomware holds some
salutary lessons that need to be heeded, if
they are going to avoid similar attacks in the
future. Top of the list is: don't assume that
you are now immune. Research has shown
that hackers are very likely to be back to
see if you have strengthened your defences.
Next, ensure that you have a robust backup
and recovery plan for all critical systems
and, last but not least, put in place rigorous
network management policies, backed by
a programme of regular user education
to engender a corporate culture of cyber
awareness."
ROBUST BACKUPS
Steve Forbes, government cyber security
expert, Nominet, picks up on the NCSC
advice against paying a ransom, on the basis
that there's no guarantee you'll actually have
access restored, if you pay, and it could make
your business a bigger target in the future.
"But, if a worst-case scenario does happen,"
he says, "and you hold out on paying a
ransom, there are steps you can take to
mitigate any damage and try to recover.
"At a bare minimum, having robust backups
on hand that have been tested and are
resilient to malware is critical to get any
impacted systems back online and
operational in a quick manner. Ideally, this
would be part of an incident response and
crisis management plan that would be
implemented at the first sign of trouble."
Local authorities and national cyber
agencies like the NCSC can also become
a major lifeline in a ransomware situation,
he adds. "They're the experts, and have all
the procedures and actions in place to
deploy when needed. Whether it's sharing
technical advice for what to do or providing
access to information, liaising with
organisations like this can be invaluable.
The quicker a business reaches out for help
when disaster strikes, the better chance
they have to recover and get back on track.
Additionally, transparency with the authorities
and any person or organisation that
may be impacted by the incident is crucial.
This can help to minimise reputational
damage and reduce any fines that are
imposed by regulatory bodies."
Double extortion ransomware is another
increasing trend for businesses to be wary
of, where threat actors encrypt and hold
hostage valuable data, putting additional
pressure on them to pay up. "This is where,
on top of having trusted backups, it is vital
to have strong data encryption before it has
a chance to be stolen, ensuring that, if an
attacker is threatening to expose the data, it
is at least protected," Forbes concludes.
"Finally, organisations should ensure that only
data that is required is retained, as this
reduces the risk and impact, should any data
be compromised."
28
computing security Nov/Dec 2022 @CSMagAndAwards www.computingsecurity.co.uk