Ransomware: Give Us Your Money--or Else
How to Advise Customers Through a Ransomware Attack.
November 6, 2020
Sponsored by Tech Data
With data as their most valuable business asset, organizations that lose their data as a result of a ransomware attack risk downtime, loss of business, reputational damage and more. For life-critical businesses, such as healthcare systems, the result can be loss of life.
According to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Administration (CISA), malicious actors are increasingly using extortionary measures, raising ransom demands, laterally moving across entire networks to seed their ransomware and deleting system backups to make restores more difficult.
How can you help your customers in organizations large and small—and across a wider swath of industries—thwart or manage a ransomware attack?
Help Your Customers Thwart an Attack
Before anything else, the CISA recommends joining an Information Sharing and Analysis Organization (ISAO), such as Tech Data’s RECON ISAO. ISAO communities—which include businesses, local governments and security professionals—share critical threat information and provide access to services to better manage the risk posed by today’s cyber threats.
Then, as a trusted advisor, ensure that your customer has an incident response plan and that their plans and playbooks are regularly tested and updated. A provider like Tech Data can help you prepare a plan to prevent, detect, and remediate an attack and put it to the test in a real-world setting. Other recommendations:
Make regular backups – As part of their disaster recovery (DR) plan, help your customer map out the data they have, how it’s being backed up and how quickly it can be restored. Then ensure they perform regular backups with copies stored offline or in a cloud service.
Keep software updated – Ensure that customers update and patch their applications and operating systems.
Provide security and awareness training – Make sure your customer’s DR plan includes regular employee awareness training with testing at regular intervals.
Employ security best practices – The CISA recommends these:
Employ multi-factor authentication for as many services as possible.
Apply “least privilege” to all systems and services.
Leverage best practices and enable security settings for cloud environments.
Develop and regularly update a comprehensive network diagram.
Employ logical or physical network segmentation.
Ensure your customer has comprehensive asset management.
Restrict usage of PowerShell to specific users on a case-by-case basis.
Secure domain controllers.
Retain and secure logs from network devices and local hosts.
Baseline and analyze network activity to better detect anomalies.
To Pay up or Not to Pay up?
One of the biggest ransomware attack challenges is the decision your customer will make about whether to pay the ransom. The CISA says: “Paying ransom will not ensure your data is decrypted or that your systems or data will no longer be compromised. CISA, MS-ISAC and federal law enforcement do not recommend paying ransom.”
However, your customer may carry cyber insurance. According to a recent article, the cyber insurance market in the U.S. has grown to an estimated $7 billion to $8 billion a year, potentially fueling a rise in ransomware attacks as insurers pressure their clients to pay ransoms that are likely cheaper than the cleanup following an attack.
The FBI and security researchers suggest that ransom payments contribute to the spread of cybercrime and, in some cases, may ultimately be funding criminal organizations and terrorist regimes. One cybersecurity company executive was told by the FBI that hackers are specifically extorting American companies that they know have cyber insurance.
Discuss the issues around ransomware with your customers. Help them develop smart incident response plans and let them know the value of adding comprehensive threat intelligence.
Download the e-book, How to Develop a Ransomware Solution for Your Customers, to begin the ransomware conversation. Or visit techdata.com/security.
This guest blog is part of a Channel Futures sponsorship.