2017 saw a flurry of ransomware attacks affecting all industries. This is another example of how a ransomware attack could have been averted by having strong disaster recovery plans, a tried and tested backup and restore procedure, as well as the usual security practices (endpoint monitoring, perimeter defences, services not being exposed to the internet, and network security monitoring, to name a few).
Lessons learned from larger-scale ransomware attacks that have occurred over recent years should be enough to solidify security departments' proactiveness and response to these threats. Having defences in place to not only quickly respond to an incident such as ransomware, but also to use tooling to search for further propagation and limit the damage, is surprisingly still overlooked. Failing that, even with minimal security in place, this could have been averted had the backup and restore strategy been regularly tested. It’s all very well securing backup tapes offsite, but if the physical environment (i.e. weather) is volatile, there needs to be a local backup available to help roll back changes and resume service as soon as possible.
Regardless of whether we see more or less ransomware in 2018, one thing is certain: the attackers have used last year as a learning curve to further advance their tactics, tools and procedures. Hunt or be hunted, it's time to decide.
A US hospital paid extortionists roughly $60,000 to end a ransomware outbreak that forced staff to use pencil-and-paper records. "Restoring from backup was considered, though we made the deliberate decision to pay the ransom to expedite our return to full operations," the hospital's CEO said in a statement.