The holiday season is a time for loved ones and celebrations and, unfortunately, also a prime opportunity for cybercriminals to strike. With many companies operating with reduced staff and employees taking time off, the risk of falling victim to ransomware increases.
As businesses wind down for the holidays, it’s important to adopt a proactive approach to cybersecurity to safeguard against potential threats and, when the inevitable attack does occur, to mitigate its impact.
Here are the five steps to take when ransomware strikes during the holidays.
Know the blast radius
The first step in responding to a ransomware attack is understanding the extent of the damage. This is commonly referred to as determining the “blast radius.” Identify the scope of the breach by assessing which systems have been compromised. This includes understanding the entry points of the attack, whether it originated through phishing emails, vulnerable software, or other means. By understanding the blast radius, an organization can begin to formulate remediation tailored to the specific nature of the breach.
Know which servers were impacted and get them offline
Once the extent of the ransomware attack is determined, isolate the affected servers. Time is of the essence in containing the spread of any cyberattack, and taking compromised servers offline will prevent further damage. Ensure that the isolation process is thorough and includes disconnecting affected servers to stop the lateral movement of the attack. Immediate action helps minimize the impact on other connected systems and buys valuable time for the next steps in the recovery process.
Know the specific files that were corrupted – and bring out the backups
Understanding the specific files that have been corrupted is key for an effective recovery. Regularly back up your data to a secure and isolated environment. When an attack occurs, use these backups to restore the compromised files and systems. This step is contingent on having a robust backup strategy in place, including frequent backups and regular testing to ensure data integrity. Leveraging these backups not only facilitates a faster recovery but also reduces the leverage cybercriminals have when demanding ransom for the release of encrypted data.
Know what departments were impacted and if sensitive data was exfiltrated
In the chaos of a cyberattack, understanding the specific departments impacted is essential for assessing the exposure of sensitive data. Identify the servers linked to affected departments and scrutinize the nature of the data stored on those servers. Determine whether any sensitive or confidential information has been compromised, and if so, take immediate steps to notify relevant parties. Timely communication is vital in mitigating the fallout of a data breach and preserving customer trust.
Know if there is malware hidden in the backup
As part of the recovery process, it is important to confirm the integrity of corporate backups. Cybercriminals are becoming increasingly sophisticated, and some may embed malware into backup systems, making them unreliable or even using them to perpetuate the attack when restored. Conduct thorough malware scans on backup files before initiating the recovery process. Additionally, consider maintaining an offline backup system to further safeguard against the risk of hidden malware in online backups. Regularly update and monitor your antivirus software to stay ahead of evolving cyber threats.
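For the step "Know the specific files that were corrupted," here is an added example, not part of the original article: it compares a live directory with a SHA-256 manifest assumed to have been recorded at backup time and sorts the differences into likely-encrypted, modified, missing and new files. The function names, the 7.5 bits/byte entropy threshold and the sample files are assumptions constructed for illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def entropy(path, sample=1 << 16):
    """Shannon entropy (bits/byte) of the first `sample` bytes; ~8 means random-looking."""
    with open(path, "rb") as f:
        data = f.read(sample)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def build_manifest(root):
    """Map relative path -> SHA-256; run at backup time and store with the backup."""
    return {os.path.relpath(os.path.join(d, name), root): sha256_file(os.path.join(d, name))
            for d, _, files in os.walk(root) for name in files}

def triage(root, manifest, threshold=7.5):  # threshold is an assumed cut-off
    live = build_manifest(root)
    report = {"likely_encrypted": [], "modified": [], "missing": [], "new": []}
    for rel, digest in sorted(manifest.items()):
        if rel not in live:
            report["missing"].append(rel)      # deleted, or renamed with a new extension
        elif live[rel] != digest:
            high = entropy(os.path.join(root, rel)) >= threshold
            report["likely_encrypted" if high else "modified"].append(rel)
    report["new"] = sorted(set(live) - set(manifest))  # ransom notes, renamed copies
    return report

def demo():
    """Constructed sample tree: take a manifest, simulate damage, then triage."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        for name in ("report.txt", "notes.txt", "db.csv", "keep.txt"):
            write(name, b"quarterly figures, plain text\n" * 200)
        manifest = build_manifest(root)
        write("report.txt", os.urandom(1 << 16))        # overwritten with random-looking bytes
        write("notes.txt", b"edited by a user\n" * 50)  # ordinary low-entropy change
        os.remove(os.path.join(root, "db.csv"))
        write("db.csv.locked", os.urandom(4096))        # constructed extension
        write("README_RESTORE.txt", b"constructed note\n")
        return triage(root, manifest)
```

The `likely_encrypted` and `missing` lists are the restore candidates. High entropy on a changed file is only a heuristic, since compressed formats also score close to 8 bits per byte.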
The holiday season brings with it some unique cybersecurity challenges, including reduced staffing that increases an organization’s vulnerability. By adopting a proactive and informed approach to cybersecurity, businesses can minimize the impact of attacks and ensure the quickest recovery possible.
The steps are practical – understand the extent of the cyberattack, isolate affected servers, use backups, and safeguard against hidden malware to protect corporate data during the holidays and beyond. Stay vigilant and enjoy a cyber-safe holiday season.