Preparing for Ransomware Attacks

It’s becoming a harsh reality that despite your best efforts to protect your business from ransomware threats, cybercriminals are always finding new ways to do their dirty work. Attacks are becoming more elaborate and stealthier. In other words, digital transformation isn’t just happening to the good guys. When you get your hands on new technology, the typical threat actor won’t be far behind you.

Out with the old, in with the new (and improved)

This is why it’s crucial to modernize your backup and recovery. Successful attacks rely on new tools and methods, so it’s not enough to just keep up. You need to be ahead of the game. Typically, staying ahead of the game falls to your security professionals, who do whatever is within their power to rescue your data post-attack. This often occurs when ransom negotiations are already actively underway. So, it’ll come as no surprise to you that time is of the essence at that stage. Anything and everything that can be done to prepare for an attack should be done in advance.

Are you tough enough?

In one of our previous blogs on recovering from a ransomware attack, we discuss a similar concept. Scrupulous planning, design, and attention to detail are all important factors in being cyber resilient. But the real resiliency lies in the flexibility of people, processes, and technology to address novel threats. The exact nature of attacks and ransom demands is always difficult to predict. But all is not lost: a few key measures go a long way in softening the blow of attacks and improving your protection.

Optimizing your backup environments

But what happens when the threat actors have penetrated the backup environment itself? It’s a difficult situation, but all is not lost. If you’re prepared with a simple, automated process in the event of an attack, you’ll likely be able to recover the majority, if not all, of your data. At Predatar, using the Predatar platform, we add layers of automated cyber resiliency to the backup application itself. We do this by alerting to intrusive behavior or unusual user activity. The platform also provides a forensic command search feature. This feature can be applied worldwide and allows you to detect and block strange activity.

What about people power?

Automation is key to optimizing your backups, but it’s not always one-size-fits-all. A variety of talent and skills amongst your people is imperative. On some occasions, the Predatar platform may not be alerted to the compromise by network security. This can happen if the attack MO is particularly unusual or complex. In that case, the platform may be unable to detect the attack through an IoC backup scan or deviation alarm. So, what then? The platform harbors another layer of resiliency. Any qualified Predatar user can sound the alarm and describe the details of the attack, its signature and the extent of the infection.

At this point, all decision-makers and everyone with the correct permissions will be notified. In the meantime, Predatar automatically searches for and recovers critical assets to a quarantine area. There they will stay until given the all-clear to be moved into production or an alternative environment. Finally, all those assembled will be able to inspect the recovered files and devise a plan of action.