Can ransomware be stopped, and can you survive after an attack? Absolutely – if you’re prepared ahead of time.
A clearly outlined, detailed plan must be in place well before any possible attack occurs. Nothing is worse than seeking a solution in the panic and confusion after discovery of an attack. Your plan should cover the response itself and how recovery follows it.
You can start by following our recommended pillars of isolate, remove, verify, and recover. Write a clear and easy-to-follow playbook and ensure your response team can find it quickly (digitally and physically) during an emergency.
Build a Cyber Security Incident Response Team (CSIRT) that will serve as your front line of defense.
The core team should consist of a limited number of cyber security employees, but it’s wise to fill the rest of the wider team with members from other departments – remember to include all potential stakeholders. Your playbook should provide clear and explicit roles, responsibilities, and activities to perform the moment the team is activated.
Make sure all the tools you need are firmly in place now. Start with prevention and detection by selecting an enterprise security software suite that not only addresses viruses and malware, but ransomware specifically. Ensure that it’s watching every client and server on your network.
Tools should fully remove and destroy attacks, verify a clean system, and recover your lost data. Decryption is never guaranteed, so ensure you have the right online and offline backup tools ready to restore.
Practice, practice, practice. Though the tip may seem obvious, it’s easy to take for granted.
Our How to Remove Ransomware guide emphasizes how complex response and recovery can be following such a devastating attack. Don’t cut corners here – build a mock-up environment that accounts for your various systems, networks, and integrations. Practice your playbook on this environment regularly.