

By Stuart Davis, Director of Incident Response Services, CrowdStrike

It’s happened. Intruders have broken through your defences into your organization’s cyber environment. The dreaded ransomware note is glaring at your IT manager. Panic ensues. The note is not only demanding a large crypto payment, but it is also threatening to leak your sensitive customer information and destroy your organization’s reputation. This is your short window to rescue your company. A well-formulated ransomware recovery plan can save enterprises time and money and help them prepare for and respond to the next attempt.

When a ransomware incident strikes, every detail matters in protecting the business's reputation and preserving customers' trust. The window for reacting is small, and using it well requires a coordinated internal response and swift decision making.

Preserve systems

After a ransomware attack, every instinct in an IT manager's body may say to pull the plug, but here the classic IT fix of switching everything off and on again is counterproductive. Powering off a host destroys volatile evidence (running processes, memory-resident malware, active network connections), and shutting down the network tells the threat actor that they have been detected. Best practice is therefore to keep systems online, and to contain them at the network level while the investigation runs, rather than start a game of whack-a-mole: an attacker who realises they have been spotted will probably compromise additional systems to establish new forms of persistence that may go undetected, or will fall back to backdoors already prepared for exactly this situation.

Many targeted intrusions begin months before the threat actor demands any payment, which is why log data is often crucial in determining how the incident started. Without understanding how the attackers got in, a second ransom is likely: in one case, an organization that did not identify the root cause of a previous attack had ransomware re-deployed and paid another ransom just two weeks later. It is vital that logs are preserved and that backups of critical servers are available for inspection.
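Preserving logs means more than copying files: a reviewer (or a court) must be able to show later that the evidence is what was collected. The script below is an added example, not code from the article or from CrowdStrike; it copies log files into an evidence directory, records each file's SHA-256, size and source modification time in a chain-of-custody manifest, and re-verifies the set so that any later alteration is caught. The hostnames, paths and log line are constructed for the example.

```python
"""Preserve log evidence with a hash manifest (added example, not the article's code).

Host names, paths and the sample log line below are constructed for illustration.
"""
import hashlib
import json
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large logs do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def preserve_logs(sources: list[Path], evidence_dir: Path, collector: str) -> dict:
    """Copy each source log into evidence_dir and write a chain-of-custody manifest."""
    evidence_dir.mkdir(parents=True, exist_ok=True)
    entries = []
    for src in sources:
        st = src.stat()
        digest_before = sha256_of(src)
        # Prefix with the parent directory (the host name in this layout) so
        # identically named logs from different hosts do not collide.
        dst = evidence_dir / f"{src.parent.name}__{src.name}"
        shutil.copy2(src, dst)  # copy2 keeps the original timestamps on the copy
        if sha256_of(dst) != digest_before:
            raise RuntimeError(f"copy of {src} does not match source hash")
        entries.append({
            "source": str(src),
            "evidence": str(dst),
            "sha256": digest_before,
            "size": st.st_size,
            "source_mtime": datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat(),
        })
    manifest = {
        "collected_at": datetime.now(timezone.utc).isoformat(),
        "collector": collector,
        "files": entries,
    }
    (evidence_dir / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def verify_evidence(evidence_dir: Path) -> list[str]:
    """Return evidence files that are missing or whose hash no longer matches the manifest."""
    manifest = json.loads((evidence_dir / "manifest.json").read_text())
    bad = []
    for entry in manifest["files"]:
        p = Path(entry["evidence"])
        if not p.exists() or sha256_of(p) != entry["sha256"]:
            bad.append(entry["evidence"])
    return bad


def demo() -> tuple[dict, list[str], list[str]]:
    """Create constructed logs, preserve them, then tamper with one copy and re-verify."""
    root = Path(tempfile.mkdtemp())
    logs = []
    for host in ("dc01", "fileserver02"):  # constructed host names
        d = root / host
        d.mkdir()
        p = d / "security.log"
        p.write_text(f"2024-03-02T01:14:07Z {host} logon type=10 user=svc_backup src=10.0.5.23\n")
        logs.append(p)
    evidence = root / "evidence"
    manifest = preserve_logs(logs, evidence, collector="ir-analyst")
    clean = verify_evidence(evidence)          # expected: nothing flagged
    # Simulate someone editing a preserved copy after collection.
    Path(manifest["files"][0]["evidence"]).write_text("cleared\n")
    tampered = verify_evidence(evidence)       # expected: the edited copy is flagged
    return manifest, clean, tampered


if __name__ == "__main__":
    m, ok, bad = demo()
    print(f"preserved {len(m['files'])} files; flagged after tampering: {bad}")
```

Hash the source before copying and the copy after, as above, so the manifest documents the state of the log at collection time rather than the state of the copy. Keep the manifest itself outside the evidence tree or sign it, since a verifier that trusts an editable manifest only detects accidents, not a deliberate edit that also rewrites the hash.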

Coordinate solutions

In a cyber crisis it is even more important that internal communications are well established. IT, security, legal, management and public relations must be kept informed of the status of the breach so that a response can be formulated and regulators and customers can be notified. It is also important to note that threat actors are skilled at espionage, and the usual internal communication channels may themselves be compromised or monitored, so additional out-of-band communications should be established.

Call in forensics

Sophisticated threats require more than legacy signature-based antivirus. A cloud-based endpoint detection and response (EDR) solution gives security staff the ability to detect and prevent malicious activity, record endpoint telemetry, search it in real time, and so shorten ransomware recovery time.

Businesses need to treat a ransomware incident like a crime scene. Endpoint forensic investigation can establish the key facts: how many systems have been accessed or compromised, what data may have been accessed, how long the intruder has been in the environment, the initial attack vector, the persistence mechanisms left behind, and what data was exfiltrated.
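The scoping questions above (which hosts, when it started, what persisted, what left the network) are answered by putting endpoint and network telemetry on one timeline. The script below is an added example, not code from the article or any CrowdStrike product: it parses constructed log lines in an assumed `timestamp host event key=value` format, takes an Office application spawning a shell as the earliest suspicious event, and derives dwell time, hosts touched, lateral movement, persistence and per-destination exfiltration volume. The event names, host names, user names and the 203.0.113.10 destination are all assumptions made for the example.

```python
"""Scope a ransomware intrusion from a timeline of telemetry (added example).

The log format, event names and every value in SAMPLE_LOGS are constructed for
this example and are not a real product's schema or data.
"""
import re
from collections import defaultdict
from datetime import datetime

LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<event>\S+)\s*(?P<rest>.*)$")

# Assumed event names that indicate the attacker set up a way back in.
PERSISTENCE_EVENTS = {"scheduled_task_created", "service_installed", "run_key_set"}
# Office parents that should not be spawning command interpreters.
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}

# Constructed telemetry: a malicious document, persistence, lateral movement,
# exfiltration, then the ransom note landing on two hosts.
SAMPLE_LOGS = """\
2024-01-15T09:02:11Z ws-104 process_start image=winword.exe user=j.smith
2024-01-15T09:02:40Z ws-104 process_start image=powershell.exe parent=winword.exe user=j.smith
2024-01-15T09:03:05Z ws-104 scheduled_task_created name=Updater cmd=powershell.exe user=j.smith
2024-02-03T22:41:00Z ws-104 logon_remote target=fileserver02 user=j.smith
2024-02-03T22:45:12Z fileserver02 service_installed name=SysHelper image=svchost.exe
2024-03-01T23:10:00Z fileserver02 outbound_transfer dst=203.0.113.10 bytes=52428800
2024-03-01T23:30:00Z fileserver02 outbound_transfer dst=203.0.113.10 bytes=73400320
2024-03-02T01:14:07Z fileserver02 logon_remote target=dc01 user=svc_backup
2024-03-02T01:20:00Z dc01 file_written path=C:\\README_RESTORE.txt
2024-03-02T01:20:00Z fileserver02 file_written path=C:\\README_RESTORE.txt
"""


def parse(line: str) -> dict:
    """Turn one log line into a record; key=value fields become dict entries."""
    m = LOG_RE.match(line)
    if not m:
        raise ValueError(f"unparseable line: {line!r}")
    rec = {
        "ts": datetime.fromisoformat(m["ts"].replace("Z", "+00:00")),
        "host": m["host"],
        "event": m["event"],
    }
    rec.update(kv.split("=", 1) for kv in m["rest"].split() if "=" in kv)
    return rec


def scope_incident(log_text: str, ransom_note_name: str = "README_RESTORE.txt") -> dict:
    """Answer the scoping questions from the timeline: start, dwell, hosts, persistence, exfil."""
    recs = sorted((parse(l) for l in log_text.splitlines() if l.strip()), key=lambda r: r["ts"])
    note_times = [r["ts"] for r in recs
                  if r["event"] == "file_written" and r.get("path", "").endswith(ransom_note_name)]
    if not note_times:
        raise ValueError("no ransom note event found; cannot anchor the timeline")
    # Initial access: the earliest Office-spawns-shell event; fall back to the first record.
    suspicious = [r for r in recs
                  if r["event"] == "process_start" and r.get("parent", "").lower() in OFFICE_APPS]
    first = suspicious[0] if suspicious else recs[0]
    hosts = sorted({r["host"] for r in recs if r["ts"] >= first["ts"]})
    lateral = [(r["host"], r["target"], r["user"]) for r in recs if r["event"] == "logon_remote"]
    persistence = [(r["host"], r["event"], r.get("name")) for r in recs
                   if r["event"] in PERSISTENCE_EVENTS]
    exfil = defaultdict(int)
    for r in recs:
        if r["event"] == "outbound_transfer":
            exfil[r["dst"]] += int(r["bytes"])
    return {
        "initial_access": {
            "ts": first["ts"].isoformat(),
            "host": first["host"],
            "user": first.get("user"),
            "detail": f"{first.get('parent')} -> {first.get('image')}",
        },
        "ransom_note_first_seen": min(note_times).isoformat(),
        "dwell_days": (min(note_times) - first["ts"]).days,
        "hosts_touched": hosts,
        "lateral_movement": lateral,
        "persistence": persistence,
        "exfil_bytes_by_dst": dict(exfil),
    }


if __name__ == "__main__":
    for k, v in scope_incident(SAMPLE_LOGS).items():
        print(f"{k}: {v}")
```

On the constructed data the intruder has a dwell time of 46 days before the note appears, which is the point made above: the note is the end of the intrusion, not the start. Two hosts with persistence and 120 MiB sent to one external address are exactly the items that must be on the remediation list before anything is rebuilt.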

This data is imperative to preventing another attack. It also gives businesses the opportunity to re-evaluate their security infrastructure and policies, identify weak points and determine which data requires the most protection going forward.

Remediate the attack

The key goal of remediation is to remove the threat actor's presence from the environment completely and limit their ability to return by another route. Remediation techniques include isolating critical systems from the broader network, blocking access to the adversary's command-and-control infrastructure, removing and completely rebuilding infected hosts, and resetting credentials. These steps are most effective when executed together in a planned eviction window: a credential reset while the attacker still holds access to the environment can simply be harvested again.
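Before an environment is declared clean, the remediation list should be checked against what the investigation attributed to the attacker. The script below is an added example, not code from the article or from CrowdStrike; it encodes the rule from the paragraph above: an account reset, host rebuild or C2 block only counts if it happened at or after the eviction start, and any attacker-attributed activity or C2 contact seen after that point means eviction has not succeeded. The accounts, hosts, indicators and timestamps are constructed for the example.

```python
"""Check remediation coverage against the attacker's known footprint (added example).

All accounts, hosts, indicators, actions and telemetry below are constructed.
"""
from datetime import datetime


def ts(s: str) -> datetime:
    return datetime.fromisoformat(s)


# What the forensic investigation attributed to the adversary (constructed).
ATTACKER_ACCOUNTS = {"j.smith", "svc_backup", "administrator"}
ATTACKER_HOSTS = {"ws-104", "fileserver02", "dc01"}
C2_INDICATORS = {"203.0.113.10", "updates-cdn.example"}

# Remediation actions as (time, action, target): "reset" an account,
# "rebuild" a host, "block" a C2 indicator.
REMEDIATION_LOG = [
    ("2024-03-02T03:00:00", "reset", "j.smith"),        # done in a panic, before eviction
    ("2024-03-03T18:00:00", "block", "203.0.113.10"),
    ("2024-03-03T18:05:00", "reset", "svc_backup"),
    ("2024-03-03T18:06:00", "reset", "administrator"),
    ("2024-03-03T19:00:00", "rebuild", "ws-104"),
    ("2024-03-03T19:30:00", "rebuild", "fileserver02"),
]

# Telemetry seen after the eviction window opened, as (time, host, account, remote).
POST_EVICTION_TELEMETRY = [
    ("2024-03-03T19:45:00", "ws-104", "j.smith", "10.0.0.5"),                # benign internal
    ("2024-03-03T20:12:00", "dc01", "svc_backup", "updates-cdn.example"),    # still beaconing
]

EVICTION_START = ts("2024-03-03T18:00:00")


def remediation_gaps(attacker_accounts, attacker_hosts, c2, actions, telemetry, eviction_start) -> dict:
    """Return everything still outstanding before the environment can be called clean."""
    done = {"reset": set(), "rebuild": set(), "block": set()}
    premature = []
    for when, action, target in actions:
        if ts(when) < eviction_start:
            # Attacker still had access at this point, so the action buys nothing.
            premature.append((action, target))
            continue
        done.setdefault(action, set()).add(target)
    residual = [(when, host, account, remote) for when, host, account, remote in telemetry
                if ts(when) >= eviction_start and remote in c2]
    return {
        "accounts_not_reset": sorted(attacker_accounts - done["reset"]),
        "hosts_not_rebuilt": sorted(attacker_hosts - done["rebuild"]),
        "c2_not_blocked": sorted(c2 - done["block"]),
        "premature_actions": premature,
        "residual_c2_activity": residual,
    }


def is_clean(gaps: dict) -> bool:
    """True only when every gap list is empty."""
    return not any(gaps.values())


if __name__ == "__main__":
    g = remediation_gaps(ATTACKER_ACCOUNTS, ATTACKER_HOSTS, C2_INDICATORS,
                         REMEDIATION_LOG, POST_EVICTION_TELEMETRY, EVICTION_START)
    for k, v in g.items():
        print(f"{k}: {v}")
    print("clean:", is_clean(g))
```

On the constructed data the check refuses to sign off: `j.smith` was reset before the attacker was cut off and so must be reset again, `dc01` was never rebuilt, one C2 domain was never blocked, and `dc01` is still talking to it after the eviction started. Each of those is a route back in, which is what the "limit their ability to return" goal is about.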

A key aspect of remediation, and of an effective incident response plan, is partnering with a proficient cybersecurity provider. Experienced professionals can provide a comprehensive approach that ensures no threat goes undetected in the environment, accelerates time to visibility and remediation, reduces business interruption losses and minimizes the impact of the attack.

Ransomware preparation and cybersecurity awareness have become as necessary to a business as marketing or sales. Companies should evaluate their long-term cybersecurity goals alongside their immediate incident actions and responses. Preparing to prevent the next attack through sound security hygiene, ransomware tabletop exercises and an understanding of threat intelligence is as important as the incident response itself.

Following these steps may be the only way to stop the bleeding of valuable data and company assets. Fight fire with fire: don't bring legacy antivirus to a sophisticated ransomware fight. Investing wisely and early will help ensure that your company makes it through the ransomware pandemic.
