Sharon Caro

The steps you take today will help reduce the impact and power of a ransomware attack

Every morning in the news, we come across articles about companies that were damaged by a cyber-attack. The starting assumption today is that we are all in the crosshairs, individuals as well as organizations: our information is of interest to hackers who want to cause us harm and earn large sums.

This morning, a cyber-attack was reported on the Technion Institute in Israel, in which information was encrypted and the organization received a ransom demand of 80 bitcoins.

This is not the first attack on academia in Israel: at the end of 2021, a cyber-attack right here at Bar Ilan University also caused the deletion and encryption of information.

Ransomware attacks are evolving.

In the past, the threat was to encrypt information and demand a sum to release it. Now we also see double extortion: in addition to the ransom the attackers demand for releasing the information, they threaten to publish it and cause significant reputational damage.

In recent years, attackers have gone up another level. They also approach customers or partners of the attacked company with additional ransom demands in exchange for not publishing sensitive information, or threaten another attack, such as denial of service, if their demands are not met (extortion techniques are being refined and multiplied). Today, being a cyber criminal is not very complicated: the tools developed by cyber criminals are for sale (Ransomware as a Service), so any criminal can use them.

With the frequency and severity of ransomware attacks only increasing, preparing before an attack occurs is much cheaper and easier than dealing with the recovery process after an attack.

Here are 7 steps you can take right now to make the trouble smaller:

1. Strengthen employee awareness

There is no way around it: the human factor is the one that scares us the most. Refresh your employees and customers so that they know what they are facing. Implementing an information security awareness program through trainings, tests and updates keeps employees informed and aware of the dangers. Higher awareness makes the defense stronger. You can use the employee awareness presentation that we have prepared for you to do this.

2. Work from home? Do it right

Use a VPN or two-step verification, or better yet, combine both.

Define complex passwords. It is recommended to use a phrase consisting of several words combined with numbers and characters, and not a password that is only letters and numbers.

3. Make backups

In many cases, companies that are hit by a ransomware attack find that their backups are not in good shape, or they are missing valuable information. This could be seen in the attack against Colonial Pipeline where they paid the attackers early in the attack because they were afraid that it would take them a long time to recover the information from the backup. Ironically, after they paid they found that the decryption tool was so slow that they decided to restore the data from the backup anyway, so it's not clear how much they needed the decryption software. When the moment comes, you have to rely heavily on your backups.

The 3-2-1 strategy is always a good place to start: Have 3 copies, at 2 media locations, 1 always offline.

4. Know how to restore your backups

Backups for computer systems are very important, but you need to know how to restore the backup, and not just after a failure or problem. In the midst of a data security incident, it is already too late to try and locate all the failures that are slowing down the data recovery process.

Make sure you have a fast recovery solution. In this case, manual backups will be ineffective.

5. Be prepared to restore

Implementing an enterprise-wide disaster recovery exercise can be a little intimidating. You don't have to start big. Instead, you can choose a certain part of the organization and practice recovery only in it - something that will be much more applicable. It is almost certain that after doing such an exercise you will discover that there are things that need to be changed. This is news that should be discovered while you are not under attack, which significantly reduces the pressure.

In addition, carrying out an exercise of this type is good news for senior management, who see that the team learns by doing and thus becomes more prepared. You won't know if the backup was successfully restored until you try to restore it.

Remember that the best time to check a backup is before the emergency in which you will need it.

6. Arm yourself in defense

Organizations have realized that the question is no longer "will a ransom attack hit us", but "when will it hit us". Everyone is a target, and proactive defense, which focuses on reducing the chance of an attack in advance, helps significantly more than tools for dealing with the aftermath once an organization has been attacked.

Solutions that prevent attacks are the basis and the first important step to take, and it is important to use the services of companies that invest resources in this.

However, the view in the world of information security has broadened. There is growing recognition that prevention solutions are necessary but do not give a comprehensive view of the whole picture, so layers of protection for identifying events need to be added. The broader view covers not only prevention, but also identifying the threat, observing it, dealing with it and responding. An organization that knows how to manage security incidents will be able to succeed.

7. Make a plan for yourself

You should have an emergency plan. For example, do you have a person in the organization who is responsible for security crises in the organization? Do they have an orderly procedure? Or maybe you can trust your team to cover the damage caused by the attackers? It is difficult to make such decisions during an active attack, so early preparation can be very beneficial.

