Businesses are increasingly operating remotely and leveraging internet-connected technologies extensively for their business and operations. This move towards digitalisation has also increased the exposure of businesses to the rising risks of ransomware.
Ransomware targets victims by holding their data hostage and demanding ransom from the victims. In some instances, victims' data might be exfiltrated. Businesses may feel compelled to pay the ransom when they have no backups to restore business operations or when attackers demand ransom in exchange for not divulging sensitive business information.
The recent spate of disruptive, high-impact ransomware attacks has elevated the profile of ransomware from a sporadic and isolated risk affecting a small number of devices or computer systems to a wider-scale threat that targets hundreds or even thousands of computers. This type of disruption would adversely impact business operations and business continuity. In some of these attacks, business operations were disrupted, not because the core business-critical systems were hit, but because the ransomware attack affected the IT systems that business operations were critically dependent on, and operations had to be halted.
Attackers commonly gain access via phishing methods, such as phishing emails, or via remote access tools. This access allows them to move around the network and find high-value targets from which to steal data and start the ransomware encryption or data exfiltration. The availability of Ransomware-as-a-Service has also made ransomware attacks much easier to deploy.
Businesses need to take preventive measures to mitigate the risks and also be prepared to deal with a ransomware incident before it happens.
Practise Good Cyber Hygiene and Back Up Critical Data
As the tactics employed by ransomware threat actors are fundamentally the same, practising good cyber hygiene remains an important step in preventing a ransomware attack. Businesses need to secure and monitor their networks and systems closely for suspicious activities, and raise employees' awareness of cyber threats such as phishing. Businesses should also ensure that security patches are applied in a timely manner, especially for business-critical functions. Importantly, prepare a backup and recovery plan for critical data and perform offline data backups regularly.
Identify and Protect Business-Critical Assets
Businesses should prioritise the identification and protection of their core business-critical assets. Threat actors may use connections between the networks/systems to discover and access business-critical assets. As such, it is essential to understand how networks/systems and business-critical assets connect and depend on each other, to prevent ransomware from spreading as well as to respond and recover from cyberattacks more effectively. Implementing network segmentation can limit interactions with business-critical systems and prevent ransomware from spreading in the network, in case of an attack.
Prepare Business Continuity Plans
Businesses should also work out Business Continuity Plans (BCPs) with measures tailored for their business needs to minimise impact to their operations in the event of an attack. BCP drills should be conducted with operational departments and key decision-makers so that all relevant stakeholders are familiar with the drills. In addition, the BCP should also be updated when there are important changes in assets or stakeholders.
Businesses will continue to be targeted as long as ransomware remains profitable. Businesses need to take preventive measures and mitigate the risks before an attack happens. The best method to prevent an incident is to secure networks/systems so that it is hard for the attacker to breach the network. However, businesses that have been hit can recover more quickly and confidently if they have a well-developed BCP, have a good understanding of their assets and business-critical functions, and are able to execute business recovery procedures expediently.
For more preventive measures and recovery steps, please visit our advisory on ransomware