INTHEBLACK February 2022 - Magazine - Page 39
INSIGHT
// R A N S O M WA R E
RANSOMWARE DEMANDS:
HOW TO RESPOND
Ransomware is malicious software that takes an organisation’s data hostage by locking down systems and
networks to extort a ransom payment. Over the past three years, the number and severity of ransomware attacks
have surged, causing significant disruption and damage to small and medium-sized businesses.
RESEARCH SONAKSHI BABBAR
CLICK HERE TO ACCESS
TIPS FOR PROTECTING
YO U R B U S I N E S S F R O M
R A N S O M WA R E
HELPFUL RESOURCES
T O U N D E R S TA N D
R A N S O M WA R E
CPA Australia’s cyber security hub
Educate your employees:
Communicate the risk of
ransomware attacks and
the risk of clicking on a
web link or email
attachment from an
untrusted source.
Turn on automatic
updates: Make sure all
IT systems and software
have their automatic
updates turned on, so
that the latest security
patches and anti-virus
updates are applied.
Establish a reliable backup process: To minimise
the impact on your
business operations,
you need to be able to
quickly restore critical
data and systems from
back-ups that are
regularly tested.
Enable multi-factor
authentication: On top
of a password to access
a computer system, you
can add authorisation
through a one-time code
that might be texted to
your phone. This is
important because if a
cybercriminal has stolen
a password, they cannot
access your systems
without the one-time
code.
Source: Richard Bergman,
partner and cybersecurity leader,
EY Oceania.
EY’s Ransomware:
to pay or not to pay?
Protect yourself against
ransomware attacks
Australian Cyber Security
Centre’s Getting your
business back up and
running
Source: Richard Bergman,
partner and cybersecurity leader,
EY Oceania.
DO
01
AS S E S S T H E D A M A G E :
Make an inventory of data
that has been affected and
determine whether or not
any systems have been
compromised.
02
SEEK EXPERT ADVICE:
If you’ve got cyber
insurance, call your insurer
immediately. If incident
response is part of the
insurance policy, they can
quickly connect you with
an incident response
expert who can help triage
the situation. Alternatively,
you can call the Australian
Securities and Investments
Commission (ASIC) for
support.
DON’T
03
01
Determine whether it
is possible to expel the
attacker before locking
down your system to
contain the spread of the
infection and prevent the
same attack from
happening again.
Think through all available
options, preferably in
consultation with an expert,
to avoid deciding on
impulse, which could lead
to further complications.
L O C K D O W N T H E SYS T E M :
04
N O T I F Y S TA K E H O L D E R S :
Understand your
obligations under the
Privacy Act in the
jurisdiction in which you
operate. You may be
required to notify both
the authorities and your
customers in cases where
personal information has
been stolen.
M A K E R AS H D E C I S I O N S :
02
PAY T H E R A N S O M :
There is no guarantee that
you’ll get your data back or
that it won’t be leaked even
after you pay the criminal.
You also tend to become
more vulnerable to future
attacks if you pay up.
03
LOG IN THROUGH
ANOTHER DEVICE WHILE
IT IS CONNECTED TO THE
NETWORK:
You don’t know how
deeply the system has
been compromised, so
using another device on
the same network will not
solve the problem.
04
B A C K U P YO U R D ATA
INTO THE INFECTED
E N V I R O N M E N T:
Back-ups are your lifeline
during cyber attacks, so
be 100 per cent certain
that your environment is
secure and clean before
restoring data.
intheblack.com February 2022 39