No Match Found
The number of “human-operated” ransomware attacks continues to rise. Recovering from these attacks can take organisations months and cost millions, all while they are unable to operate and provide key services.
In these attacks, criminals gain access to an organisation's networks and deploy ransomware to encrypt data and systems – often to devastating effect – before attempting to extort organisations into paying seven or eight figure ransoms.
Before deploying ransomware, attackers steal and exfiltrate the organisations' most sensitive data to further extort victims. These attacks represent a greater challenge than other common cyber security threats due to their immediate operational impact on the victim organisation. They are carried out by skilled and adaptable criminals, who can overcome defences, as well as evolve their tactics to maximise their chances of getting organisations to successfully pay out.
The cyber security function’s core focus is to prevent a cyber attack from reaching critical IT services, and to rapidly detect and contain it should prevention fail. It rarely considers how to recover if an attack cannot be contained in time.
The IT and business resilience teams focus on avoiding downtime, but are commonly built around "failure modes" which are physical in nature and limited to a single location (e.g. natural disasters impacting a data centre) and fail to consider cyber security threats which scale across multiple locations simultaneously.
This organisational disconnect often results in gaps in both operational resilience and cyber security capabilities which are not well understood or articulated.
Resilience solutions, which do not take cyber threats into account by design, may even inadvertently facilitate the spread of ransomware across the IT estate via data replication technologies, including to disaster recovery facilities which are then also infected and cannot be relied upon.
Resilience solutions may also not be secured against deliberate tampering by an attacker (e.g. to prevent their use for recovery). In the event of an incident this means that resilience solutions either fail, are ineffective or even exacerbate the problem.
The end result is that the business cannot restore its IT services in the timescales or state needed, and operations are significantly interrupted. In some cases, this interruption can be severe enough to create a “going concern” risk for the business.
Ransomware attacks are unique in the immediate scale of impact they can have across an entire organisation. Continuing to operate through a catastrophic ransomware attack requires a well-organised, well-rehearsed response from technical front line to C-Suite and Board and across the supporting functions such as corporate affairs; everyone needs to play a part.
The initial response to a ransomware attack is only the beginning - recovery often takes weeks, if not months.
End-to-end scenario preparation and exercising will help you understand the potential routes and validate the timelines to recovery, including the processes which are required to recover both with and without paying a ransom.
The first step to reducing the exposure for your organisation to ransomware disruption is:
We provide a multi-disciplinary best-in-class team of cyber security incident response, crisis management, crisis communications, and business resilience experts who can rapidly baseline your current exposure to ransomware risk, and help you plan to improve your resilience and your ability to respond effectively.
Our specialist teams bring experience and insights from the front-lines of assisting hundreds of clients respond and recover from real ransomware attacks. This is used to deliver realistic exercises and reviews focused on the cyber security capabilities and technology design decisions which make a real difference in a ransomware scenario. Below are just a few examples of exercises and reviews we have conducted for clients: