IT Brief Asia - Technology news for CIOs & IT decision-makers

The Ransomware Threat: How to respond and protect your organisation

Today

Imagine you're an IT administrator and have just started your workday, getting ready to check the status of your organisation's critical applications. But as you turn on your laptop, you see a chilling message: "Your files have been encrypted. To recover access, you must pay a ransom of $2 million in bitcoin." The attack compromised all your organisation's important documents, customer data and product information. To make it even worse, you have 72 hours to comply. Otherwise, you will lose the data permanently. While this is a reality for many organisations, there are actions you can take to respond to ransomware and protect your data.

Ransomware and data theft extortion continue to be pervasive threats, with business email compromise and fraud among the top self-reported cybercrimes for businesses and individuals in Australia during FY2023–24. These attacks are highly destructive, causing significant harm to individuals, organisations, and wider society. Professional and technical service firms have been among the primary targets of ransomware attacks in Australia, ahead of sectors such as retail trade, manufacturing, healthcare, and construction.

According to the Annual Cyber Threat Report 2023–2024, approximately 71% of extortion-related cybersecurity incidents handled by the Australian Signals Directorate during the 2023–2024 financial year involved ransomware. Federal government data also reveals that the average cost of a cybercrime incident is around $71,600 for large businesses and approximately $97,200 for medium-sized ones. For small businesses, the average cost is about $46,000, an increase of roughly 14% compared to 2023. These figures highlight the growing financial impact of cyber threats and the critical need for organisations of all sizes to be prepared.

Here are some key recommendations on how to survive a ransomware attack: 

Maintain an incident response and recovery plan.

No matter how hard you work, an incident cannot always be prevented. However, you can focus on your incident response and build a recovery plan. Make sure this is not just a written plan that you touch occasionally. Practise, test and simulate often, so that you are ready to minimise the impacts of an attack and are confident in getting the organisation back to an operational state. Penetration tests and vulnerability management are good practices to use to keep you up to date with your plan.

Remember to identify who the key players are in advance. Who will you call when a breach happens? Identify your recovery team and ensure they are ready, including a law firm and a cyber insurance company. You need to outline the necessary steps to work with the Australian Signals Directorate and consider cyber insurance as part of your resilience strategy.

Manage your communications.

Communicating effectively is key in any crisis scenario, and a ransomware situation is no different. You need to create communication guides as part of your Incident Response Readiness (IRR) plan. These playbooks should include a work-back plan with timely and clear communications for inside the organisation, and should also consider what messages might be needed for external stakeholders. Ransomware attacks may require a media statement, and you should establish what to do in these cases. Working with your communications and legal teams is critical to adhering to regulations, such as notifying authorities, customers and so on.

Ensure robust data protection.

Having critical data in an isolated, immutable data vault will help you recover services and systems in order of importance.

As part of your recovery, you can use techniques like a "clean room," a method that involves creating a secure, isolated environment in which to rebuild systems. This approach ensures that your recovery process is secure and that you are not using compromised resources. Most importantly, make sure the data that you can recover is complete and accurate.

Paying the ransom should be your last resort, as there is no guarantee the hacker will return your data. Even in that scenario, you don't get your systems back right away. You still need to get your applications and infrastructure back to an operational state, which essentially means rebuilding and testing everything.

Train and educate employees.

Another critical part of your ransomware strategy must include training and educating employees regularly. The root cause of many breaches comes down to employee-level breakdowns. Attackers can compromise an employee's credentials to gain access to the corporate network, or someone can fall victim to a phishing scam, which opens the corporate doors to an attacker. Educating employees about phishing tactics and password management is the first line of defense.

Readiness pays off.

While facing ransomware can be stressful, having a strategy in place can lessen the impact of financial losses, operational disruption, data loss and reputational damage. You can survive by maintaining an incident response and recovery plan that engages your full team in minimising the impact of the attack. Make sure you have a strong data protection strategy in place and that you are constantly training and communicating with your employees. By taking proactive steps, you reap the benefits of planning in advance and preserving your most critical assets.

As ransomware threats continue to evolve, it's crucial to continually review your organisation's strategy, raise awareness among employees, and reinforce your commitment to safeguarding data.

Learn more about ransomware and the solutions offered by Dell Technologies here.
