A recent SANS Institute study concludes that organizations can effectively respond to ransomware attacks with a six-step plan.
According to SANS Institute, a number of signals can indicate that companies are or will soon be dealing with a ransomware attack. Recognizing these signals at an early stage, the organization notes, allows for a quick response and prevention of files and systems being encrypted.
Three signs of a ransomware attack
SANS Institute says the steps hackers take in setting up a ransomware attack can be summarized in three phases. In the first phase, they look for systems with poorly secured paths and compromise the systems to set up access points. Often remote access solutions are targeted in this process. In the second phase, they set up an email phishing campaign. In the third and final phase, known vulnerabilities are used.
SANS Institute researchers state that a proper incident response to these signals can prevent suffering. Once companies are attacked with ransomware, the clock starts running. Speed is of the essence; a plan of action is necessary.
Introduction six-step plan
As a first step, having a clear incident response plan is advised. This plan serves as the basis for all further follow-up steps. As a second step, companies need to identify the threat as soon as possible and, in the third step, thoroughly understand it.
Step four is to restore the most critical systems. In step five, the remaining systems and data are recovered. Last but not least, companies must learn from the attack for future situations. Thus, they must draw their conclusions about the response to the attack and turn them into a new contingency plan.