Ransomware – a Business Continuity Plan for Risks
Organizational threats posed by ransomware
In the 1990s, ransomware attacks aimed at taking down a single network were common.
Attacks cost more and occur more frequently
The goal of ransomware is to scare organizations into paying the ransom, or to scare people into demanding that their employer pay it.
Providing ransomware as a service (RaaS)
According to the 2022 Sophos Threat Report, ransomware-as-a-service (RaaS) took off in 2021, with comparatively fewer attacks by single ransomware groups. Ransomware as a service entails a developer renting out malicious code and infrastructure to third parties.
The four specialist ransomware developer groups, Conti, Ryuk, REvil, and Ragnarok, were behind almost half of all reported attacks over the past year. Conti is credited with the most attacks, according to Sophos research. The Russian-language implementation guide of Conti was leaked earlier this year by a disgruntled ex-affiliate. The leak revealed how to implement the software step by step. Experts such as Donovan view it as a treasure trove. They say, “We use it to teach our people how to better defend, prevent and respond to attacks.”
RaaS was used in the attack on the Colonial Pipeline this year. According to reports, it was the most disruptive attack in US history. In the end, US investigators recovered a substantial amount of the ransom paid in Bitcoin, but such success is rare.
Is Ransomware a concern? How to mitigate the risk for legal counsel
Ransomware attacks are increasing as well as evolving. A recent trend has been to target organizations that have sensitive financial positions and might be more willing to pay to keep that information secret. If you are not sure how your business would react to these multifaceted, sometimes devastating attacks, you can take steps to mitigate their impact and reduce their likelihood.
Build a robust data and system infrastructure
Developing resilient systems, which include regular, robust data backups, is one of the best steps you can take to minimize the impact of ransomware. Business continuity planning is also recommended. Backup and restoration plans will be based on a criticality assessment, prioritizing operations by how critical they are. The plan should include an emergency access plan. For example, if your communication systems are down, your plan should consider how you will function until the systems are back online. If you have not adjusted your plan for ransomware attacks, or have not assessed whether you are willing to forego paying a ransom for the time it takes to recover, you should address these issues as soon as possible.
Put in place strong data governance, or at least limit the amount of data retained
In addition to data minimization evolving into a legal requirement, state privacy laws are also becoming more comprehensive. Additionally, enhancing data governance should provide your organization with a clearer understanding of what types of data it uses and stores, where that data is located, and what security measures are in place to protect that data.
Encourage the use of structured data instead of unstructured
Good data governance can also reduce or avoid unstructured data. Email is one example. It can be difficult to determine what is in an email account or shared drive when it does not have any real structure, unlike a database, which may have a specific purpose or hold specific types of data. In attack cases involving repositories that lack structure, it is usually necessary to search the entire content and generate an inventory of the affected information.
It can be time-consuming and costly to review and inventory impacted data in an unstructured repository.