There have been several high profile ransomware attacks this week – and small ones that do not make the news.
Lorenz ransomware breaches corporate network via phone systems (bleepingcomputer.com)
Ransomware gang threatens 1m-plus medical record leak • The Register
Buenos Aires legislature announces ransomware attack – The Record by Recorded Future
Cisco confirms Yanluowang ransomware leaked stolen company data (bleepingcomputer.com)
When the ransomware attack is the encryption type, your backups are you best defence, however more and more these breaches not only encrypt but also steal the data and threaten to release it into the Dark Web or public domain. These are far harder to mitigate after the fact as you have lost control of that information (Jeurissen. 2020). You really need to be segmenting and securing your information before the incident, so if you do suffer a data breach you hopefully will limit what information is taken.
This is where understanding authentication, authorisation and accountability (AAA) is an essential step in any business cyber security is important. I have written more about this here:
Why you should care about the TLA AAA! – CyberAwake
What you should take away from this is first have a have a ransomware resilient backup – this is an absolute essential for any business to survive not only an encryption ransomware attack, but also other incidents such as catastrophic hardware failure, theft, flood etc. But to be really effective that information you have backed-up needs to be segmented and access given using the principle of least privilege – only give access to a user to the minimum information they need to do their job.
Clive Catton MSc (Cyber Security) – by-line and other articles
References
Jeurissen, S., (2020, January). Enterprise content management: securing your sensitive data. Retrieved from https://www.compact.nl/en/articles/enterprise-content-management-securing-your-sensitive-data/
