June 5, 2019

What is ransomware? Exemplifying incident response

Highlighting the critical need to have a fully formed, robustly tested Incident Response plan in place as part of your core cyber security toolkit.

Despite the increased media attention of the past few years, ransomware is not a new phenomenon.

In fact, with the first documented case occurring in 1989, it’s positively ancient by malware standards.

Over the course of time, ransomware has inevitably evolved to the point where today it’s a commoditised attack that can be consumed ‘as a service’, driving the number of attacks up and hitting the headlines more and more frequently.

How to respond to an attack properly

That brings us to one of the most recent reported cases: Norsk Hydro, the multinational manufacturer. So, what makes this different from the NHS ‘WannaCry’ outbreak, or the San Francisco Municipal Transportation Agency infection? The short answer is: the response. There are some interesting parallels between Norsk Hydro and plenty of other reported cases: all are big, complex organisations with multiple sites spread across a diverse geographic range, reliant on technology to run their operations. But where Norsk Hydro stands out is that it had a plan and put it into action with successful results.

The detail of this has already been covered here, but what this case highlights is that, by having the proper processes in place, your business is able to recover from a bad situation and come out relatively unscathed.

The company is an employer of 35,000, meaning this attack had the potential to cause serious issues for its reputation and operational efficiency. The impacted systems were all Microsoft Windows based and were locked with sophisticated interface disablement, which was supported by encryption. Every user account within the company's infrastructure even had its password altered.

The situation was clearly severe. But by following an organised and pre-agreed procedure, Norsk demonstrated the best way to respond to an attack, with maximum communication via unaffected 365 and the backups in place to avoid paying the ransom.

The CCL difference

More often than not, when CCL receives calls for assistance and we start to ask questions about the Incident Response plans or process, we are met with silence or an answer along the lines of “I’m sure we’ve got one of those somewhere…”.

Given the ever-increasing risk posed by cyber-attacks to businesses of all shapes and sizes, having a plan to deal with the worst when it happens is becoming an absolute necessity. At the very least we recommend that the plan is tested and reviewed on an annual basis, as threats in the cyber world are forever evolving.

Also, consider training for those individuals who will be involved in executing the plan. Having everyone prepared and aware of their responsibilities can have a huge impact when it comes to the effect a breach has on your business.
