{"id":100315,"date":"2020-10-29T15:00:06","date_gmt":"2020-10-29T12:00:06","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/how-to-prepare-for-and-fight-a-ransomware-attack-cloudsavvy-it\/"},"modified":"2023-04-10T13:32:10","modified_gmt":"2023-04-10T10:32:10","slug":"how-to-prepare-for-and-fight-a-ransomware-attack-cloudsavvy-it","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/how-to-prepare-for-and-fight-a-ransomware-attack-cloudsavvy-it\/","title":{"rendered":"#How To Prepare For and Fight a Ransomware Attack \u2013 CloudSavvy IT"},"content":{"rendered":"<p>Ransomware is devastating, expensive, and on the rise. Protect yourself from infection with our guide, but plan for the worst too. Make sure you can recover cleanly and quickly if ransomware strikes.<\/p>\n<div id=\"article-content-area\">\n<h2><span class=\"ez-toc-section\" id=\"Ransomware_on_the_Rise\"><\/span>Ransomware on the Rise<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Ransomware attacks are increasing in frequency at a frightening rate. 
According to the\u00a0<a href=\"http:\/\/redirect.viglink.com?u=https%3A%2F%2Fwww.bitdefender.com%2Ffiles%2FNews%2FCaseStudies%2Fstudy%2F366%2FBitdefender-Mid-Year-Threat-Landscape-Report-2020.pdf&amp;key=204a528a336ede4177fff0d84a044482\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Bitdefender 2020 mid-year report<\/a>,\u00a0the number of global ransomware reports increased by 715 percent year on year. Ranked by the number of attacks, the United States comes out in first place. The United Kingdom is in second place.<\/p>\n<p>A ransomware attack encrypts your files and data so that you are unable to operate as a business. Returning your systems to their normal operational state requires either wiping your servers and computers and restoring them from backups, or using the decryption key to unlock your files and data. To get the decryption key you need to pay the ransom.<\/p>\n<p>Ransomware has a severe impact: it disrupts business operations and can lead to permanent data loss. Ransomware causes:<\/p>\n<ul>\n<li>Business downtime.<\/li>\n<li>Productivity loss.<\/li>\n<li>Revenue loss.<\/li>\n<li>Reputational loss.<\/li>\n<li>The loss, destruction, or public release of business-sensitive information.<\/li>\n<\/ul>\n<p>If you do pay the ransom you have that added cost, and you\u2019re likely to have residual malware infections and disruption following the attack.<\/p>\n<p>You may think it won\u2019t happen to you. You may rationalize that belief by telling yourself you\u2019re too small, and the threat actors have bigger and better targets to hit. Why would they bother with a company like yours? Sadly, that\u2019s not how it works.<\/p>\n<p><em>Everyone<\/em> is a target. 
Far and away, email is still the number one delivery mechanism for ransomware. The <a href=\"https:\/\/en.wikipedia.org\/wiki\/Phishing\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">phishing attacks<\/a> that deliver malicious emails are sent out by software that uses mailing lists with millions of entries.<\/p>\n<p>All the email addresses from all the data breaches that have happened in the past ten years or so are available on the Dark Web. The\u00a0<a href=\"https:\/\/haveibeenpwned.com\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Have I been Pwned<\/a>\u00a0website lists over 10 billion of them. New email addresses are harvested every day and added to these mailing lists.\u00a0These are the email addresses that receive phishing emails. The threat actors don\u2019t know who they belong to, nor do they care.<\/p>\n<p>Very few ransomware attacks are selectively targeted. All the other attacks, 99 percent of them, do not stalk their victims or do deep reconnaissance. The bad guys aren\u2019t snipers. They\u2019re machine gunners who don\u2019t even bother aiming. They spray out emails willy-nilly then sit back to see who they\u2019ve managed to hit.<\/p>\n<h2 id=\"ransom-or-restore\"><span class=\"ez-toc-section\" id=\"Ransom_or_Restore\"><\/span>Ransom or Restore?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The cybercriminals\u2014the threat actors\u2014charge a ransom to provide the key. The ransom is paid in a cryptocurrency, typically in\u00a0<a href=\"https:\/\/bitcoin.org\/en\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Bitcoin<\/a>, although other cryptocurrencies can be stipulated by the threat actors. 
At the time of writing, according to\u00a0<a href=\"https:\/\/coinmarketcap.com\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">CoinMarketCap<\/a>\u00a0there are over 7,500 active cryptocurrencies.<\/p>\n<p>Even though getting set up to trade in Bitcoin is relatively straightforward, it can still take days to get e-wallets and everything else in place. And for that whole period, you are unable to operate as a business or, at least, to operate effectively.<\/p>\n<p>And even if you do pay the ransom there is no guarantee that you\u2019re going to get your data back. The decryption side of ransomware is often shoddily written, and it might simply not work for you. Even if it does decrypt your files, you are probably still infected by malware such as rootkits, remote access trojans, and keyloggers.<\/p>\n<p>So, it might take days to be able to pay the ransom\u2014even longer if they ask for payment in a cryptocurrency that can only be purchased using\u00a0<em>another<\/em>\u00a0cryptocurrency\u2014and your system isn\u2019t going to be clean and trustworthy after it has been decrypted. Plainly it\u2019s better to bite the bullet and restore your systems from backups. After all, both in the\u00a0<a href=\"https:\/\/www.ncsc.gov.uk\/guidance\/mitigating-malware-and-ransomware-attacks\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">United Kingdom<\/a>\u00a0and in the\u00a0<a href=\"https:\/\/www.nist.gov\/blogs\/manufacturing-innovation-blog\/dont-let-your-business-be-digitally-kidnapped\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">United States<\/a>\u00a0we\u2019re advised against paying the ransom.<\/p>\n<p>Restore from backups it is, then. But not so fast. 
That\u2019s only possible if you have a robust backup procedure in place, the procedure has been adhered to, and your backups have been tested in dry-runs and simulated incidents.<\/p>\n<p>On top of that, the threat actors behind the most sophisticated ransomware have ways of ensuring that your backups are infected too. As soon as you wipe and restore your servers and computers you are already infected.<\/p>\n<p>Even so, backups are still the answer. But you need to plan and safeguard your backups in a way that protects them and ensures their integrity when you need them.<\/p>\n<h2 id=\"prevention-is-better-than-cure\"><span class=\"ez-toc-section\" id=\"Prevention_is_Better_Than_Cure\"><\/span>Prevention is Better Than Cure<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<figure id=\"attachment_7671\" class=\"wp-caption alignnone\" style=\"width: 700px;\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-7671 size-full\" src=\"https:\/\/www.cloudsavvyit.com\/thumbcache\/0\/0\/c5791e7d5aaf8c275794048fac166b70\/p\/uploads\/2020\/10\/eb17a8ba.png\" alt=\"\" width=\"700\" height=\"300\" data-crediturl=\"https:\/\/www.shutterstock.com\/es\/image-vector\/team-database-server-people-monitoring-maintenance-1328755559\" data-credittext=\"Shutterstock\/Ribkhan\" \/><figcaption class=\"wp-caption-text\"><span class=\"imagecredit\"><a href=\"https:\/\/www.shutterstock.com\/es\/image-vector\/team-database-server-people-monitoring-maintenance-1328755559\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Shutterstock\/Ribkhan<\/a><\/span><\/figcaption><\/figure>\n<p>Nobody wants accidents at work: injured people, lots of paperwork, possible liability claims. But you still have a first aid kit on the premises. Yes, prevention is better than cure, but you must still assume that sooner or later you\u2019re going to need that first aid kit and trained first aid responders.<\/p>\n<p>The same goes for cybersecurity. 
Nobody wants to get hit by ransomware, and you do what you can to prevent it. But you need to have an incident response plan in place that you can turn to when malware strikes. You need a team of people who are familiar with the plan, who have rehearsed the plan, and who will actually follow the plan.<\/p>\n<p>It\u2019s too easy for the plan to be discarded in the heat of the moment. That cannot happen\u2014all of your responses to the incident need to be methodical and co-ordinated. That can only be achieved by following your incident response plan.<\/p>\n<p>We all have automobile insurance and we all hope we don\u2019t need to use it. An incident response plan is like that. You need it, but you don\u2019t want to be in a situation where it has to be deployed. Keeping your vehicle maintained and only allowing trained drivers behind the wheel reduces the likelihood you\u2019ll be in an accident.<\/p>\n<p>The following points will reduce the risk that you need to roll out your incident response plan.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Staff_Awareness_Training\"><\/span>Staff Awareness Training<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Most ransomware infections are due to someone falling for a phishing attack. Your employees are the ones on the email front line. They are opening and dealing with emails and attachments all day every day. Sometimes hundreds of emails. It only takes one phishing email to sneak through unspotted and you are infected.<\/p>\n<p>Obviously, your staff must have cybersecurity awareness training so that they can identify phishing emails and other email-borne scams and threats. And this must be topped up and reinforced periodically. 
Ransomware should be on your cybersecurity <a href=\"https:\/\/en.wikipedia.org\/wiki\/Risk_register\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">risk assessment register<\/a>, and staff awareness training should be one of your mitigating actions.<\/p>\n<p>One way to reduce email volumes is to try to drive down internal email. The less internal email there is the easier it is to focus and pay attention to the external email. It\u2019s the external emails that carry the risks. Business chat applications such as\u00a0<a href=\"http:\/\/redirect.viglink.com?u=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fmicrosoft-365%2Fmicrosoft-teams%2Fgroup-chat-software&amp;key=204a528a336ede4177fff0d84a044482\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Microsoft Teams<\/a>\u00a0and\u00a0<a href=\"https:\/\/slack.com\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Slack<\/a>\u00a0are great at this.<\/p>\n<h3 id=\"staff-susceptibility-testing\"><span class=\"ez-toc-section\" id=\"Staff_Susceptibility_Testing\"><\/span>Staff Susceptibility Testing<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Training is great, but the icing on the cake is testing. 
It\u2019s easy to find a security firm or online service that will mount a benign phishing campaign.<\/p>\n<p>Employees who fail to recognize the faux-malicious email are obvious contenders for a refresher session in the training.\u00a0As well as measuring how susceptible your staff are to phishing emails, the campaign also measures the effectiveness of your staff awareness training.<\/p>\n<h3 id=\"principle-of-least-privilege\"><span class=\"ez-toc-section\" id=\"Principle_of_Least_Privilege\"><\/span>Principle of Least Privilege<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Make sure that processes and users are given the minimum access rights needed to perform their role-defined functions. The\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/Principle_of_least_privilege\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">principle of least privilege<\/a>\u00a0limits the damage a piece of malware can do if a user account is compromised.<\/p>\n<p>Restrict who has access to administrator accounts and ensure those accounts are never used for anything other than administration. Control access to shares and servers so that people with no role-specific need to access sensitive areas cannot do so.<\/p>\n<h3 id=\"spam-filters\"><span class=\"ez-toc-section\" id=\"Spam_Filters\"><\/span>Spam Filters<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Spam filters won\u2019t trap every malicious email, but they will catch some, which is a great benefit. They will detect and quarantine the majority of regular, safe-but-annoying spam. 
This will further drive down the volume of email that needs to be dealt with by your workforce.\u00a0Reducing the size of the haystack makes it easier to spot the needle.<\/p>\n<h3 id=\"end-point-protection\"><span class=\"ez-toc-section\" id=\"End-Point_Protection\"><\/span>End-Point Protection<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Anti-virus and anti-malware packages, or a combined end-point protection package, should be deployed, centrally managed, and configured to update their signatures regularly. Users must not be able to refuse or defer the updates.<\/p>\n<h3 id=\"patch-patch-patch\"><span class=\"ez-toc-section\" id=\"Patch_Patch_Patch\"><\/span>Patch, Patch, Patch<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Operating systems, firmware, and applications should be within the manufacturer\u2019s support cycle and not end of life. They must be patched up to date with security and bug fix patches. If patches are no longer available for a product, stop using it.<\/p>\n<h3 id=\"network-architecture\"><span class=\"ez-toc-section\" id=\"Network_Architecture\"><\/span>Network Architecture<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>For all but the simplest of network designs, segment your networks to isolate critical computers, departments, and teams. They don\u2019t build submarines as long, open-plan tubes. They incorporate bulkheads with watertight bulkhead doors so they can seal off sections that have a leak.<\/p>\n<p>Use a network topology with segregated regions to similarly constrain the spread of malware. An infected segment is a lot easier to manage than an entire network.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Backup_Strategies\"><\/span>Backup Strategies<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Backups are core to a robust business continuity plan. You should back up your data using a scheme that can cope with any foreseeable crisis, whether cyber-based or not. 
The old backup mantra was the 3-2-1 rule.<\/p>\n<ul>\n<li>You should have three copies of your data: the live system and two backups.<\/li>\n<li>Your two backups should be on different media.<\/li>\n<li>One of those backups should be held off-premise.<\/li>\n<\/ul>\n<p>To be clear, just having another copy of your data isn\u2019t a backup. It\u2019s better than nothing, but backups are so important that they should be the best you can do on whatever budget you have. A real backup will be created by backup software and will have versioning capabilities.\u00a0Versioning lets you restore a file from a point in time. So you could restore a file in the state it was in at one o\u2019clock yesterday. Or from sometime last week, or last month. Your retention period and the capacity of your backup storage will dictate how far back in time you can go, and with what granularity.<\/p>\n<p>Backups should be encrypted.<\/p>\n<p>Image-based backups take an image of the entire hard drive including the operating system. Changes to the live system can be drip-fed to the backup image every couple of minutes so the backup is very close to a real-time snapshot of the live system. All of the top-tier backup solutions can convert a backup image to a virtual machine image. The virtual machine can be spun up on new hardware in the event of a catastrophe. This lets you deploy new server hardware or overcome whatever issue has brought the live system down, while your backup runs as a stop-gap live system and your company remains operational.<\/p>\n<p>And of course, there are off-site backup solutions that allow you to back up to a location safely removed from your premises. So the 3-2-1 rule can be rewritten using any numbers you like. 
Have as many copies of your backups as it takes for you to feel comfortable, distributed across different locations, and stored on different hardware devices.<\/p>\n<p>However, none of that is going to save your bacon if the threat actors manage to infect your backups. Let\u2019s say the ransomware is set to delay for 28 days before it triggers. You\u2019ll have backed it up many times, to all of your backups.<\/p>\n<p>To combat this, immutable backups can be used. These are backups that cannot be written to once they have been made. This means they cannot be infected by ransomware or any other malware. A robust backup solution uses a layered and varied approach.<\/p>\n<ul>\n<li>You may implement versioned backups to local <a href=\"https:\/\/en.wikipedia.org\/wiki\/Network-attached_storage\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">network-attached storage<\/a> (NAS) devices for the fast recovery of accidentally deleted files.<\/li>\n<li>Your second layer could be image-based backups to local and off-premise storage. You could quickly restore a failed server in the event of a total server crash or hardware failure.<\/li>\n<li>If you round out your backup regime with immutable backups that can never be tainted by malware, you\u2019ll have a solid and comprehensive backup system.<\/li>\n<\/ul>\n<p>According to the size and complexity of your network, that can quickly become expensive. But compared to the price of failure, it\u2019s cheap. Don\u2019t think of it as paying for backups. 
Think of it as investing in business continuity.<\/p>\n<h2 id=\"incident-response-plan\"><span class=\"ez-toc-section\" id=\"Incident_Response_Plan\"><\/span>Incident Response Plan<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<figure id=\"attachment_7672\" class=\"wp-caption alignnone\" style=\"width: 700px;\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-7672 size-full\" src=\"https:\/\/www.cloudsavvyit.com\/thumbcache\/0\/0\/8e6129bc66a4e80d60f44ce9570ec32b\/p\/uploads\/2020\/10\/a8e38444.png\" alt=\"\" width=\"700\" height=\"300\" data-crediturl=\"https:\/\/www.shutterstock.com\/image-photo\/police-units-responds-scene-emergency-1549338884\" data-credittext=\"Shutterstock\/Matt Gush\" \/><figcaption class=\"wp-caption-text\"><span class=\"imagecredit\"><a href=\"https:\/\/www.shutterstock.com\/image-photo\/police-units-responds-scene-emergency-1549338884\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Shutterstock\/Matt Gush<\/a><\/span><\/figcaption><\/figure>\n<p>Not only is an incident response plan a vital tool in ensuring coordinated and effective responses to cyber incidents, depending on your business activities it may be mandatory. If you take credit card payments it\u2019s likely you must comply with the\u00a0<a href=\"https:\/\/www.pcisecuritystandards.org\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Payment Card Industry Data Security Standard<\/a>\u00a0(PCI DSS). The PCI DSS standard has several requirements regarding incident response plans.<\/p>\n<p>A typical incident response plan will contain these sections, each of which should be detailed and precise.<\/p>\n<ul>\n<li><strong>Preparation<\/strong>. All of the points mentioned above, together with any other defenses that your circumstances merit. Rehearsing the plan with dry-run incidents will familiarise your response team with the plan and will identify shortfalls or problems, allowing the plan to be refined. 
The more prepared your response team is, the better they will perform when needed.<\/li>\n<li><strong>Identification<\/strong>. The process of recognizing that an incident is underway, and identifying what type of incident it is. What is happening, who and what is affected, what is the scope of the issue, has data been leaked?<\/li>\n<li><strong>Containment<\/strong>. Contain the infection and stop it from spreading. Quarantine infected systems.<\/li>\n<li><strong>Eradication<\/strong>. Wipe the infected systems. Ensure the malware has been removed from\u00a0<em>all<\/em>\u00a0compromised machines. Apply any patches or security hardening steps that your organization has adopted.<\/li>\n<li><strong>Recovery<\/strong>. Which systems are a priority and should be returned to service first? Restore these from backups, and change the authentication credentials for all accounts. Restore from immutable backups if you have them. If not, verify that the backups are malware-free before restoring them.<\/li>\n<li><strong>Lessons Learned<\/strong>. How did the infection happen, and what would have stopped it? Was it an exploited vulnerability or a human error? What steps will plug the gap in your security?<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Report_It\"><\/span>Report It<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Don\u2019t forget to report ransomware as a crime. You may also need to report the incident to your regional or national data protection authority. In Europe\u2014because you lost control of the data while it was encrypted\u2014a ransomware attack is considered a data breach under the <a href=\"https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/HTML\/?uri=CELEX:32016R0679&amp;qid=1600605964569&amp;from=EN\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">General Data Protection Regulation<\/a> even if no data was actually stolen or lost. 
You may be subject to legislation that upholds this concept, such as the United States\u2019 <a href=\"https:\/\/www.govinfo.gov\/app\/details\/CRPT-104hrpt736\/CRPT-104hrpt736\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Health Insurance Portability and Accountability Act<\/a> of 1996 (HIPAA).<\/p>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.cloudsavvyit.com\/7639\/how-to-prepare-for-and-fight-a-ransomware-attack\/\" target=\"_blank\" rel=\"noopener noreferrer\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ransomware is devastating, expensive, and on the rise. Protect yourself from infection with our guide, but plan for the worst too. Make sure you can recover cleanly and quickly if ransomware strikes. Ransomware on the Rise Ransomware attacks are increasing in frequency at a frightening rate. 
According to the\u00a0Bitdefender 2020 mid-year report,\u00a0the number of global&#8230;<\/p>\n","protected":false},"author":1,"featured_media":100316,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2020\/10\/c1f26b82.png","fifu_image_alt":"#How To Prepare For and Fight a Ransomware Attack \u2013 CloudSavvy IT","footnotes":""},"categories":[18],"tags":[134130,142308,142305,142307,142306,74713],"class_list":["post-100315","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology","tag-bitcoin-2","tag-coinmarketcap-2","tag-cyber-secure-your-business-in-a-few-clicks","tag-microsoft-teams","tag-network-attached-storage-nas","tag-slack"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/100315","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=100315"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/100315\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/100316"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=100315"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=100315"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=100315"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}