News & Updates
CONECT Ransomware Webinar Summary
with Linn Freedman & Joe Devine
1/30/2024
Top Methods of Attack & Response to Ransomware Incidents Threat actors employ various methods to breach organizations' networks and systems.
Understanding these risks and having a robust response plan are crucial.
Methods of Attack
Malicious Code
Threat actors embed malicious code in technology to steal credentials through phishing, SMS texts with links, QR codes, email, desktop sharing software, web applications, direct installs, and backdoors.
Social Engineering
Criminal organizations invest significant time in social engineering, exploiting employees' connections on social media to gain familiarity and trick them into clicking on malicious links or attachments.
Human Element
Approximately 74% of breaches involve a human element, underscoring the importance of training employees to think differently about technology.
Response to Ransomware Incidents
Preparedness
Ransomware attacks can be devastating, with threat actors typically infiltrating systems for 200-270 days before deploying ransomware. Having an incident response plan in place is essential.
Communication and Decision-making
Establish clear lines of communication, both onsite and remotely, and designate key decision-makers, including C-suite executives and legal counsel.
Tabletop Exercises
Conduct regular tabletop exercises to simulate ransomware scenarios, ensuring that all team members understand their roles and responsibilities.
Incident Response Team
Ensure clarity on who constitutes your incident response team and how to contact them, considering that access to systems may be restricted during an attack.
Technical Assistance
Engage IT and forensic specialists to facilitate the restoration of systems from clean backups and identify the ransomware attacker and their demands.
Technical Assistance
Engage IT and forensic specialists to facilitate the restoration of systems from clean backups and identify the ransomware attacker and their demands.
Cyber Insurance Considerations
Policy Coverage: Work with a knowledgeable broker to assess cyber insurance options, ensuring coverage for social engineering, HIPAA compliance, website protection, and ransom payments.
Application Accuracy: Provide accurate information on cybersecurity practices in insurance applications to avoid coverage denial based on misrepresented data.
In conclusion, proactive measures, comprehensive incident response plans, and adequate insurance coverage are vital in mitigating the impact of ransomware attacks on an organization. Collaboration between stakeholders and continuous readiness efforts are key to effectively combating evolving cyber threats.