Ransomware Swat Tactics

Protect, Predict, Detect, Recover, Respond

We are all in agreement that another ransomware variant is going to rip through our business environment in the near future. The question to ask is how we can effectively “Protect” our computer, server, network and cloud environments.

Let’s spend a moment and define ransomware: a type of malware that encrypts files on a computing device (like a laptop or a network file server) and will not release the files until a ransom (bitcoin) is paid to unlock the data.

A ton of money has been spent by vendors and Fortune 1000 companies setting up an opportunity to “Predict” the next cyber threat from ransomware. Sandboxes, honeypots and proactive monitoring of the dark web can lead to an early alert and a chance to observe the behavior of new ransomware threats. Spending energy and resources proactively gives us the chance to set up new hardened security control systems. The only problem with this step is that a small to medium-size business will not have the resources to participate and will have to rely on its vendor to “Detect” and inform it of a new cyber threat.

The Swat Tactic an SMB must have is to be quick to “Respond”: design and test an “Incident Process”:

– create a team
– block communications; this could involve more than one item (firewall, IPS solution)
– quarantine the infected equipment
– use Network Access Control to keep the user from spreading the malware
– clean and then clean again

Use every form of technology to remove any doubt that the malware is still lingering in the business environment. This allows the user to become a productive employee again as soon as possible.

Ironically, an SMB can take additional low-cost actions to overcome the “Respond” step:

– set up loaner laptops/computers
– set up a backup strategy that uses offsite backups
– train employees by showing examples of email malware threats
– define user roles in your organization and lock down the file structure
– create a report that can inform the organization on what each employee has access to onsite and offsite
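
An added example (not from the original article) of the access report in the last item above: it expands group membership, nested groups included, into a per-employee list of onsite and offsite resources and picks out the ones each person can write to, which is what ransomware running under that account could encrypt. The group names, share paths and export format are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data (not from the original article): group membership
# and access entries as they might be exported from a directory service,
# a file server and a cloud storage admin console.
GROUPS = {
    "staff": {"alice", "bob", "carol"},
    "finance": {"alice"},
    "it-admins": {"carol"},
    "everyone": {"staff", "it-admins"},   # nested group
}
ACL = [  # (location, resource, principal, right)
    ("onsite", r"\\fs01\public", "everyone", "write"),
    ("onsite", r"\\fs01\finance", "finance", "write"),
    ("onsite", r"\\fs01\finance", "staff", "read"),
    ("onsite", r"\\fs01\backups", "it-admins", "write"),
    ("offsite", "cloud:/shared/contracts", "bob", "write"),
    ("offsite", "cloud:/shared/contracts", "finance", "read"),
]
RANK = {"read": 1, "write": 2}

def expand(principal, groups, seen=None):
    """Resolve a user or (possibly nested) group to a set of users."""
    seen = set() if seen is None else seen
    if principal not in groups:
        return {principal}            # plain user account
    if principal in seen:
        return set()                  # guard against circular nesting
    seen.add(principal)
    users = set()
    for member in groups[principal]:
        users |= expand(member, groups, seen)
    return users

def access_report(acl, groups):
    """Return {user: {(location, resource): highest right granted}}."""
    report = defaultdict(dict)
    for location, resource, principal, right in acl:
        for user in expand(principal, groups):
            key = (location, resource)
            current = report[user].get(key)
            if current is None or RANK[right] > RANK[current]:
                report[user][key] = right
    return dict(report)

def writable(report, user):
    """Resources the user can modify: the reach of ransomware run as them."""
    return sorted(k for k, r in report.get(user, {}).items() if r == "write")
```

Calling writable(access_report(ACL, GROUPS), "carol") shows that an everyday account can modify the backup share, the kind of finding the "lock down the file structure" item is meant to remove.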

The safest method to “Recover” a company that does not have Swat Tactics in place is to have the time to restore files from an offsite backup.

Spending a couple of days with an experienced consultant can put your mind at ease regarding ransomware. Reach out to your trusted advisor and discuss some of these ransomware Swat Tactics to implement in your business.

Ray Lunaburg
https://loopadvisors.com/ransomeware-swat-tactics

Please note that a couple of excellent resources for examining and understanding the complete ransomware debacle have been created by:
– Cisco https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-security/ransomware-defense-dig.pdf
– Frost and Sullivan White Paper Commissioned by Dimension Data and Cisco Systems – Ransomware: The Pervasive Business Disrupter