15/12/2019
RANSOMWARE ATTACK? WHAT TO DO
Knowing what to do in case of a ransomware attack is already part of the solution. Five actions to react immediately and nine tips to be more relaxed and ready for the next emergency.
WannaCry hit a total of 150 countries and made approximately 200,000 systems unavailable, yet all security experts feel that, so far, it has not gone all that badly. Much more serious consequences are to be expected, especially in very critical sectors. The final toll of the attack, even considering that British hospitals were among the targets, was alarming but not tragic. With the EY guide, we try to focus on the behaviors to adopt immediately when you realize that an attack is underway, and on those for the medium term.
There are five immediate actions to be taken:
1. Immediately disconnect all network connections and external storage. Perhaps it has not yet been made clear that ransomware propagates easily not only to devices connected via USB, but also over the network. You can make dozens of backups, but if you adopted the technique of simultaneous synchronization (which many once suggested), the only way to prevent their infection is to get ahead of the spread. And if you do not immediately unplug the peripherals that hold the older backups (to save those, at least), your ten backups will be of no use to you.
2. Turn off the computer and notify the IT team. If you do not have one and your IT team is you, first of all keep a cool head and act calmly, without rushing into actions you might regret.
3. Ask for the support of a team of experts in cybercrime investigation.
4. Do not pay any ransom to hackers, so as not to fuel the illegal ecosystem; there is also no guarantee of regaining access to the encrypted data. With WannaCry (but it also happens with other ransomware), even those who paid probably failed to decrypt their data, and it is not the first time this has happened. Moreover, whoever pays once may well pay a second time. The mechanism is the same as always.
5. Protect the backups and keep them ready so that the experts can provide assistance.
EY medium-term anti-ransomware strategy
EY then delves into the medium-term approach and recommends the following nine-point strategy.
► Implement vulnerability and patch management systems and verify their robustness.
► Develop incident response systems and processes and test their adequacy.
► Develop effective business continuity plans, updated to the current cyber threat scenario. If a serious attack has not been simulated in the company at least once, you can never be sure you have an adequate business continuity plan.
► Implement backup plans for all critical data, based on the rate at which the data is generated and updated. These should not necessarily be synchronized backups only, but also scheduled ones, and not just incremental.
► Support the development of monitoring and security operations solutions (SOC, endpoint monitoring) that help detect these attacks early and reduce their effects.
► Develop specific protection systems for critical business systems and, where possible, identify systems and data that do not need to be connected to the Internet.
► Train staff to respond to such incidents and generally create awareness among employees through simulated attack exercises. Knowing not only what to do but also how to react when news of the attack arrives is already part of the solution.
► Ensure regular technical inspections of security measures through vulnerability assessments and penetration tests.
► Implement a proactive governance system for the entire business ecosystem.
In principle, the EY approach is shared by most of the vendors we know. If you need assistance, please contact our agency.
Group Top Secret