Whilst looking at the role that backups play in effective response plans to ransomware infection, we discussed in part one the value of identifying critical data, organizational knowledge to prioritize, and implementing an effective backup frequency. In part two, we are looking at the speed of recovery.
Know more: what is a NOC?
As you know from part one, ransomware can come into our systems in a variety of ways. Unless we put in controls to restrict this, our systems will not identify anything as wrong. Consider the number of phishing emails that organizations receive. One such phishing email might contain a malicious link or an infected document that contains ransomware. It could be navigating a user to a malicious website that requests to install an update but is actually malicious code.
Or, due to password reuse, a previous data breach provides a malicious actor with legitimate credentials, and these stolen credentials are then used to log in to a remote system. After the malicious actor is done helping themselves to whatever interesting files they may wish to take, they install ransomware to cover their initial breach.
Consider each way you access and use systems or devices daily – these ways can all be used maliciously unless protections and limitations are in place. Ultimately, to protect systems and devices from ransomware (1) we need to configure our systems before infection to prohibit or limit this malicious code, and (2) once infected, only the prior controls and solutions in place can assist us in recovery – outside of making payment. Which means…