Most organisations have a plan for responding to a ransomware attack, but few actually test it, and many only realise the limitations of their plans when they find themselves dealing with ransomware chaos at three o'clock in the morning – potentially without e-mail.
So say Rubrik experts who are set to present a webinar telling the behind-the-scenes stories of organisations that were attacked, what they experienced, and how they recovered. Survivors from the ransomware battle front report roller coasters of emotion, and the fear that some of their employees’ jobs could be lost. They find the impacts spreading into unexpected areas, and discover too late how crucial some of their systems are for operations.
Werner Vorster, South Africa country manager at Rubrik, says: “Organisations need to know what it’s like inside the tornado, so they can be better prepared when it happens.”
The problem with ransomware is that it’s like a virus that gets into all of your systems – including DR.
Werner Vorster, Rubrik.
Vileen Dhutia, head of security sales, EMEA at Rubrik, notes: “In the early 2000s hackers were teenagers in bedrooms, motivated by fame. But the motivation has switched to monetary or even political gain; and more of the impact is now through exfiltration and extortion. In the case of exfiltrated data, it’s not just money at risk – people’s lives can be impacted.”
He cites as an example the Washington DC police department hack, in which attackers leaked information about police informants on the dark web.
Dhutia says: “Today, these attacks don’t stop at exfiltration – we are hearing of organisations not only paying a ransom, but also being asked to pay a monthly subscription to not be hit again. But how do you justify raising a purchase order for bitcoin to pay criminals in a sanctioned nation?
“Some organisations go public so others can learn from their experiences. This sharing we see from the IT community isn’t scaremongering, it’s so that others don’t have to wait to get hit to know what it’s like in the mindset of the triage situation and are better prepared to preserve the organisation and their job as an IT admin."
Vorster says many organisations may believe they have a recovery plan, but have not actually tested it. “If you don’t actually test it in a simulated controlled environment, how will you execute it amid chaos at three in the morning? For many, it isn’t tested because it affects production data and could require downtime. Others have a plan best suited to natural disasters, with a production environment and DR environment. The problem with ransomware is that it’s like a virus that gets into all of your systems – including DR.”
Organisations must shift more focus and budget from detection and prevention to recovery, Dhutia says. “It’s not just about locking down systems anymore.”
Webinar: Real life ransomware recovery
Date: 26 January 2022
Time: 11:00 (GMT+2)
Rubrik, in partnership with ITWeb, will host a webinar on 26 January entitled Real life ransomware recovery: Stories from the front.
Rubrik security experts will recount real-life customer experiences of ransomware attacks, telling how organisations reacted, negotiations with cyber criminals, the challenges of retrieving data and getting systems up and running again; and how they ultimately recovered. They will also share tips and guidance on best practices for risk mitigation and response.
For more information and to register for this event, go to https://www.itweb.co.za/webinar/rubrik-real-life-ransomware-recovery/
Share