Ransomware Attacks: A Proactive Response Guide for Businesses
Tue 4 Jul 2023
Ransomware attacks on a business can compromise an entire supply chains and limit their ability to operate. Understanding the best ransomware response tactics becomes paramount to safeguard business continuity and reputation.
The current state of ransomware
Threat actors are likely to demand a ransom payment soon after any successful ransomware attack, with even small businesses facing demands for thousands of pounds.
Hiscox, on the other hand, found the media ransom paid by victims to be under £7,900 ($10,000). In its Cyber Readiness Report, the insurance group suggested that lower payouts show that ransomware is now a commodity attack used by less sophisticated attackers rather than complex attacks solely affecting bigger businesses.
In research conducted by Sophos, Singapore experienced the highest number of attacks in 2023, while the UK suffered the fewest. The most common entry point for threat actors is often through email and phishing, proving that the weakest link remains human.
To recover their data, some firms decide to pay the attacker. Of those that are hit with ransomware, almost half of organisations pay the ransom, while up to 80% of paying victims could be attacked again.
How to respond to a ransomware attack
During a ransomware attack, the National Cyber Security Centre (NCSC) recommends that businesses identify and disconnect any infected devices.
By recognising and isolating all systems that have been compromised by a ransomware attack, firms may be able to limit the spread of malware and reduce the potential expansion towards other systems.
Cyber experts and law enforcement organisations agree that firms should not give in to demands.
The National Crime Agency strongly advises businesses not to pay the attacker. In a reminder by the NCSC, even if the ransom is paid, there is no guarantee that access to infected systems will be restored. In fact, Hiscox’s research showed that only 59% of companies that paid the ransom retrieved all their data.
If critical systems are impacted by the ransomware attack, it is essential that these are prioritised for recovery. The NCSC emphasises that backups should only be restored once the business is confident that both the backup and the connected device are both free from threat.
Transparency after an attack
Once the triage aspects of a ransomware attack have been dealt with, businesses are advised to inform all staff and customers that a breach has occurred.
Transparency is key to inform all stakeholders about how the attack will impact their operations and any changes necessary to their immediate plans.
Regulations, including GDPR, require companies to report the attack to the Information Commissioner’s Office if customer data belonging to European Union citizens is compromised. Companies have three days to report any breach, or face potential fines of up to 4% of annual global turnover or £17.5 million.
While major companies may have a comprehensive IT security team to deploy a plan of action, smaller firms may require the skills of external IT experts to take over during a crisis event like a ransomware attack.
Protecting against ransomware attacks
Two initiatives by cyber experts that increased during 2022, included building a ransomware incident response plan and simulating a cyber attack to examine a company’s cyber resilience in detail.
Hiscox reported that cybersecurity experts have implemented additional cyber security and audit requirements (41%), improved necessary preparations for cyber attacks (39%), and improved employee training (39%).
As a result of this preventative activity, one in six experts found their exposure to attacks has decreased.
Businesses could also benefit from schemes to help guard them against cyber threats.
The UK Government-backed scheme, Cyber Essentials, aims to protect small and large businesses from common cyber security threats by addressing and preventing the most common attacks.
Certification within this scheme, and the more in-depth Cyber Essentials Plus, can help reassure customers and deliver transparency on a business’ cybersecurity posture.
A strategic and proactive response to ransomware attacks is critical. By implementing a comprehensive approach to cyber threats businesses can enhance their resilience whilst safeguarding their operations and reputation.
Hungry for more tech news?
Sign up for your weekly tech briefings!