The Era of Ransomware: How to Respond in a Crisis

2024

By Raffael Marty, SVP, Product, Cybersecurity at ConnectWise

Ransomware continues to dominate the headlines. No matter which industry you are in, you can become a victim of a significant breach at any moment. According to a survey from Deloitte, 65% of U.S. executives say ransomware currently poses a “major concern” to their organization.

One of the top cyber threats currently affecting companies is phishing, in which a threat actor poses as a legitimate business colleague and then follows up with a ransomware attack. The incident can result in compromised customer data, a tarnished reputation, and loss of productivity. In fact, research from Coveware suggests that the average amount of downtime caused by a ransomware attack is 21 days.

Have an Incident Response Plan

Organizations often believe they will not be a victim of ransomware. However, it is critical to always prepare for the worst-case scenario. Developing an incident response plan that provides detailed roles, responsibilities and goals can be an effective way to organize your response ahead of time.

At a high level, here are the steps you will need to quickly take for an effective ransomware response:

  • Step 1: Identify the systems that have been infected by the ransomware.
  • Step 2: Isolate the infection by disconnecting or isolating infected systems from the rest of the network.
  • Step 3: Use backup and disaster recovery (BDR) software to restore systems and data from backups taken before the network was infected by ransomware.
  • Step 4: Review all the facts surrounding the ransomware attack to figure out how it started so you can begin to put additional preventive measures in place.
  • Step 5: File a thorough, detailed report about the incident to the FBI’s Internet Crime Complaint Center (IC3).
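
Step 3 depends on what Step 1 found: a backup is only safe if it predates the first infection anywhere on the network, not just on the host being restored. The sketch below is an added example, not code from the article; the host names, timestamps, and the 12-hour safety margin are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from the article).
# Step 1 output: earliest ransomware indicator observed on each infected host.
FIRST_INDICATOR = {
    "fs01": datetime(2024, 3, 12, 2, 40),
    "ws17": datetime(2024, 3, 11, 22, 5),
}
# Backup catalogue: completion time of every backup held for each host.
BACKUPS = {
    "fs01": [datetime(2024, 3, 10, 1, 0), datetime(2024, 3, 11, 1, 0),
             datetime(2024, 3, 12, 1, 0)],
    "ws17": [datetime(2024, 3, 12, 1, 0)],
}


def plan_restore(first_indicator, backups, margin=timedelta(hours=12)):
    """Choose a restore point per infected host.

    The cutoff is the earliest indicator seen anywhere on the network, minus
    a safety margin (an assumption covering undetected dwell time). A backup
    qualifies only if it completed before that cutoff.
    """
    if not first_indicator:
        return None, {}
    cutoff = min(first_indicator.values()) - margin
    plan = {}
    for host in sorted(first_indicator):
        clean = [b for b in backups.get(host, []) if b < cutoff]
        # None means no usable backup: the host needs a rebuild or an older archive.
        plan[host] = max(clean) if clean else None
    return cutoff, plan


if __name__ == "__main__":
    cutoff, plan = plan_restore(FIRST_INDICATOR, BACKUPS)
    print(f"restore only from backups completed before {cutoff:%Y-%m-%d %H:%M}")
    for host, point in plan.items():
        print(host, point.isoformat() if point else "NO CLEAN BACKUP")
```

Here the newest fs01 backup is rejected even though it predates the indicator on fs01 itself, because ws17 was already infected when it was taken.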

It is worth emphasizing that ransomware is unfortunately not going away anytime soon, especially in today’s work-from-home environments. Our adversaries are also growing stronger and becoming more and more organized (see also ransomware as a service). In order to ensure a secure future, we must deter these cyber criminals by harnessing formidable power and strategy.

Pre-Crisis Opportunities

Businesses and organizations everywhere no longer have the benefit of believing they will not be a victim of a significant cyber attack. Following the recent wave of ransomware strikes that have bombarded headlines, every organization should prepare their cyber defenses for the worst. Implementing the guidelines below can help prevent breaches.

  • Asset discovery
  • Software patching
  • Backing up data
  • Securing endpoints

Asset Discovery

When an endpoint is not managed or monitored, it becomes a prime target for criminals who actively look for vulnerabilities. Accounting for all of your assets not only increases your operational productivity, but it can also lower your overall security risk.

MSPs can only manage the assets they have on record, which is why asset discovery featuring automated network scans is an important service. With ongoing scans, your MSP can quickly locate, monitor, and analyze new devices and their health when they join the network.
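
To illustrate the reconciliation described above, this added example (not code from the article or any ConnectWise product) compares two successive neighbor-table snapshots in `ip neigh show` format against an inventory keyed by MAC address and reports devices that joined between scans. The addresses, device names, and inventory format are constructed assumptions.

```python
import re

# Matches `ip neigh show` lines that carry a resolved link-layer address.
NEIGH_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+\S+\s+lladdr\s+"
    r"(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\b"
)

# Constructed sample scans and inventory (not from the article).
PREV_SCAN = """192.168.1.1 dev eth0 lladdr 00:11:22:33:44:01 REACHABLE
192.168.1.10 dev eth0 lladdr 00:11:22:33:44:10 STALE"""
CURR_SCAN = """192.168.1.1 dev eth0 lladdr 00:11:22:33:44:01 REACHABLE
192.168.1.10 dev eth0 lladdr 00:11:22:33:44:10 STALE
192.168.1.23 dev eth0 lladdr 00:11:22:33:44:23 REACHABLE
192.168.1.57 dev eth0 lladdr 00:11:22:33:44:57 DELAY
192.168.1.99 dev eth0  FAILED"""
INVENTORY = {"00-11-22-33-44-01": "edge-router",
             "00-11-22-33-44-10": "fs01",
             "00-11-22-33-44-23": "ws23"}


def norm_mac(mac):
    """Normalise MAC notation so inventory and scan entries compare equal."""
    return mac.strip().lower().replace("-", ":")


def parse_neigh(text):
    """Return {mac: ip} for entries that resolved to a hardware address."""
    seen = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries have no lladdr and are skipped
            seen[norm_mac(m["mac"])] = m["ip"]
    return seen


def newly_joined(prev_text, curr_text, inventory):
    """Split devices that appeared since the previous scan by inventory status."""
    known = {norm_mac(mac): name for mac, name in inventory.items()}
    prev, curr = parse_neigh(prev_text), parse_neigh(curr_text)
    report = {"managed": [], "unmanaged": []}
    for mac in sorted(set(curr) - set(prev)):
        if mac in known:
            report["managed"].append((known[mac], curr[mac]))
        else:
            report["unmanaged"].append((mac, curr[mac]))
    return report
```

The `unmanaged` list is the one that needs follow-up: each entry is a device on the network that nobody has on record.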

Software patching

Your MSP must monitor and manage these endpoints and applications effectively. Keeping operating systems and applications up to date is essential to reduce the cybersecurity risk level of your MSP business and customers. A remote monitoring and management (RMM) tool helps with application inventory and continuous patching. This technology enables you to automatically deploy updates to endpoints, ensuring that you never fall behind with your patching needs. You should also ensure that your anti-virus and anti-malware solutions are set to automatically update their signatures and run regular scans.

Backing up data regularly

We have all been victims of not backing up data. For MSPs in particular, it is essential to routinely back up data to prevent any cyberattack disruptions. Another top priority is designating a secure location for this critical data. Moreover, MSPs should use a solution that can assist with streamlining the service management process. The last thing any CISO wants to hear is that their backups have become infected or breached in the event of a ransomware attack.

Endpoint Protection

In addition to guarding, monitoring, and protecting your data, you must also have an option for endpoint protection. Endpoint detection and response is unequivocally necessary if an organization is ever to identify the root of a vulnerability. Endpoint vulnerabilities are the easiest route for hackers to gain an advantage. Ensuring that all endpoints are monitored by a professional and seasoned security team can be the determining factor in whether or not you become a victim of a cyber-gang. In our 2021 MSP Threat Research Report, we found that nearly 60% of MSP client incidents were related to ransomware.
