2017 saw a flurry of ransomware attacks affecting all industries. This is another example of how a ransomware attack could have been averted by having strong disaster recovery plans, a tried and tested backup and restore procedure, as well as the usual security practices (endpoint monitoring, perimeter defences, services not being exposed to the internet, and network security monitoring, to name a few).

Lessons learned from the larger-scale ransomware attacks of recent years should be enough to make security departments more proactive and to sharpen their response to these threats. Yet having defences in place that not only respond quickly to an incident such as ransomware, but also use tooling to search for further propagation and limit the damage, is surprisingly still overlooked. Failing that, even with minimal security in place, this could have been averted had the backup and restore strategy been regularly tested. It’s all very well securing backup tapes offsite, but if the physical environment (i.e. weather) is volatile, there needs to be a local backup available to help roll back changes and resume service as soon as possible.

Regardless of whether we see more or less ransomware in 2018, one thing is certain: the attackers have used last year as a learning curve to further advance their tactics, tools and procedures. Hunt or be hunted: it's time to decide.