Throughout the decade, ransomware has become a prime method for attackers and one of the most impactful on victims. Threat actors don’t seem to discriminate, with attacks spanning all kinds of industries, both large and small. Regardless of the size or type of organization, when incidents occur there are always practical lessons that everyone can learn from to bolster your own resilience against similar attacks. A recent post at BleepingComputer discusses a couple of recent ransomware incidents, including major water services company Veolia North America, and offers salient reminders on ransomware resilience strategies others had to learn the hard way.
Takeaways From Recent Incidents
- Prompt actions prevent attacks from escalating. Swift action to isolate affected systems can significantly decrease an attack’s impact in several areas including business reputation. This was best seen in the Veolia incident where the incident response team was able to prevent the attack from escalating to its operational technology (OT) systems. This quick action also prevented the incident from lingering on weeks or even months after it started.
- Ransomware often has far reaching consequences. The effects of the attack on Change Healthcare are continuing to be felt throughout the entire health care system five weeks after it was detected on February 21. In the Fulton County incident, officials were still working to restore downed phone lines and online systems over a month after the breach was discovered. Depending on how sophisticated attackers are, it can be an upward battle to keep adversaries out once a breach has occurred.
What Organizations Can Do to Limit Ransomware Risk
BleepingComputer highlights several key areas that play a major role in mitigating ransomware attacks which can either limit attacks’ ramifications or prevent them entirely. This approach calls for multiple layers of defense. Utilities may want to review each of these key areas and determine your own ransomware resilience posture:
- Email Security
- Endpoint Security
- Properly Encrypt Sensitive Data
- Have a Solid Backup Strategy
- Patch Management
- Utilizing Automation
Along with the above key areas, as always, members are recommended to regularly review CISA’s StopRansomware resources and guide which offer current and valuable insights and guidance into defending against this threat. For more details on the key areas, visit BleepingComputer.