Want to quickly recover from ransomware? Plan ahead
When a ransomware attack hits a business, the recovery doesn’t stop at the decision of whether to pay the ransom.
For businesses, the first step post-hack is to contain the attack. “Evaluate systems that have been affected … [by] the attack and then look to contain and limit that attack,” said Asher de Metz, senior manager of security consulting at Sungard AS. “Then once it’s contained, they’re also going to want to communicate with stakeholders.”
Consider the recent Kaseya attack: After triaging and releasing a patch for on-premise customers, the company still had to mitigate the SaaS damage with a separate patch. Weeks after the attack, it’s unclear if any backdoors have been exposed, prone to further attack.
With some hindsight, researchers are uncovering where Kaseya went wrong and what the company could’ve done differently to prevent the attack affecting 1,500 downstream customers. But for businesses watching the drama unfold as another company scrambles with a post-hack response, the lesson is to prepare for the worst.
“The most critical factor is completely eradicating the threat from the environment,” Tim Grelling, director of innovation, security at Core BTS, said in an email to Cybersecurity Dive. “Attempts to ‘uninstall’ […]