Be prepared, not scared of Ransomware attacks (Guest blog by Hitachi Vantara)

How well is your company protected against the threat of ransomware attacks?

Ransomware should be considered as a high priority issue for all public sector organisations. The recent attack on the National Health Service (NHS) in the UK, which left some Trusts without access to critical software systems for up to two months, is a stark reminder of the devastating impact that ransomware can have.

To protect themselves from similar attacks, companies must take a multi-faceted approach and need to have a fast, predictable, and reliable plan in place for when their systems are infected.

The 6 steps to be prepared:

1. Backup

One of the most important steps that companies can take to protect themselves from ransomware is to ensure that their data is properly backed up. This means keeping copies of important files and databases on separate servers or storage devices that are not connected to the network. This will ensure that even if the ransomware encrypts the files on the primary server, there will still be a clean copy that can be used to restore the system.

2. Disaster Recovery

In addition to having proper backups in place, companies should also have a disaster recovery plan in place that outlines the steps that will be taken in the event of a ransomware attack. This should include procedures for quickly identifying and isolating the infected systems, as well as procedures for restoring the backups and getting the systems back online as quickly as possible.

3. System Updates

Another key aspect of protecting against ransomware is to ensure that all systems are kept up to date with the latest security patches. This includes the operating system and any third-party software used on the systems, such as web browsers and office applications. This will help to close any vulnerabilities that the attackers may be exploiting to gain access to the systems.

4. Endpoint Security

Another measure companies can take to protect their systems from ransomware is to implement endpoint security software, such as antivirus and anti-malware programs. These programs can help to detect and block any malicious software that may try to infiltrate the network. Additionally, implementing intrusion detection and prevention systems (IDPS) can also help detect and prevent malicious traffic from entering the network.

5. User Monitoring

Another important practice is to limit the number of users who have access to sensitive data, and to be vigilant about monitoring the systems and networks for suspicious activity. This will help to reduce the risk of a successful attack, as well as to quickly identify any breaches that do occur.

6. Negotiation

Finally, companies should also be prepared to negotiate with the attackers if a ransom attack occurs. It is important to note that the UK National Cyber Security Centre advises not to pay the ransom in case of a ransomware attack. While it may be tempting to quickly pay the ransom to regain access to important files and systems, there is no guarantee that the attackers will provide the decryption key even if the ransom is paid. Additionally, paying the ransom may encourage the attackers to target more organizations in the future. Instead, organizations should focus on implementing robust storage and backup measures and a comprehensive incident response plan to minimize the impact of an attack and quickly restore systems without having to rely on the attackers.

Conclusion:

By taking a multi-faceted approach that includes proper backups, disaster recovery planning, system updates, endpoint security, monitoring, and negotiation, companies can reduce the risk of a successful ransomware attack and minimize the impact if one does occur.

Register here for a webinar looking at the threat of ransomware attacks on 10 February

Authors

Veronica Di Segni

EMEA Field Marketing Manager, Hitachi Vantara

Veronica Di Segni is an experienced marketing professional with a passion for technology and an international background. Veronica has 7 years of career background in marketing for tech companies such as IBM, Hewlett Packard Enterprise and now works as the EMEA Field Marketing Manager at Hitachi Vantara.