Responding to Ransomware with Resiliency

Unless you’ve had your head buried in the sand recently, you know that attackers are attacking a wide assortment of companies with ransomware. When they attack your organization, how will it respond?

Cybersecurity has steadily been moving from a strategy of availability to resilience. Years ago, the goal was to achieve 99.999% availability (called five nines) for critical systems. In other words, organizations implemented security controls to ensure systems never went down.

Unfortunately, a strategy of 99.999% availability won’t help when attackers successfully attack an organization with ransomware.

In contrast, resilience refers to an organization’s ability to recover from attacks. It starts with a simple premise.

Your organization will be attacked.

How Do You Respond?

OK. You’ve been attacked. Now what? All your sensitive data is encrypted. Computers are locked up, except for the occasional pop-up messages explaining the ransom terms.

What do you do?

Security+ (SY0-601) Practice Test Questions

SY0-601 Practice Test Questions

Over 385 realistic Security+ practice test questions

At least 10 performance-based questions

All questions include explanations so you’ll know why the correct answers are correct,

and why the incorrect answers are incorrect.

Upgrade Your Resume with the Security+ New Version

Multiple quiz formats to let you use these questions based on the way you learn.

Learn mode – randomized. View each of the questions in random order. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you’ll see the explanation. Click here to see how learn mode works.
Test mode – randomized. View each of the questions in random order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
Test mode – 75 random questions. View 75 random questions from the full test bank similar to how the Security+ exam has a potential maximum of 75 multiple choice questions.

Pass the First Time You Take It

Get the full bank of SY0-601 Practice Test Questions Here

Click here if you’re looking for SY0-501 Online Study Package

Ransomware Option 1 – Pay the Ransom

One option is to pay the ransom to unlock your data and computers quickly.

However, law enforcement agencies around the world urge victims not to pay ransoms. Every Bitcoin payment that criminals receive allows them to expand their capabilities and launch more ransomware attacks.

One ransomware gang has reportedly received at least $90 million in ransom payments from about 47 victims during the past year.

Paydays like that encourage them to do it again and again.

Additionally, you can’t rely on criminals to give you what you need to unlock your data and systems. After all, they are criminals. There are many incidents where the victim paid the ransom, but the decryption tools provided by the criminals didn’t work. In other incidents, the criminals demanded more money.

Ransomware Option 2 – Create a DRP

A much better option is to have a strong, well-tested disaster recovery plan (DRP). A DRP identifies how to recover critical systems and data after a disaster. Many organizations have separate DRPs for different disasters.

Organizations in Silicon Valley with mature cybersecurity processes in place know how they’ll respond after an earthquake. Similarly, mature organizations in Houston and New Orleans know how they’ll respond after a flood. They document their responses in DRPs, and they regularly test the DRPs to ensure they work.

Creating DRPs for critical systems isn’t an easy process. Effective disaster recovery is a part of an overall business continuity plan (BCP), which starts with a business impact analysis (BIA) to identify critical systems and components.

Without a BIA, it’s difficult to determine what needs to be protected. Should you spend millions protecting a development server used for testing software?

Hint: No. But does everyone know that?

Probably not, but a BIA will identify critical systems and components and make sure people do know what systems to protect.

Once you know the critical systems and components, you can create one or more DRPs. For ransomware, start with the scenario that your organization is infected with ransomware. Next, document the steps needed to restore critical systems and components.

Last, test the steps in the DRP. Some people think all they need is backups. However, if the backups are online, expect them to be encrypted too. An effective backup strategy often has three backups – one offsite, one onsite by disconnected from the network, and a third online for quick non-ransomware data losses.

Ransomware – Another Option

Of course, there is another option. Denial.

Like the proverbial ostrich, stick your head in the sand and refuse to believe your organization will ever get hit by ransomware.

One way to plan for ransomware - stick your head in the sand — One way to plan for ransomware

Attackers Only Have to Find One Vulnerability

Remember the attack on the Colonial pipeline? It disrupted the gasoline supply chain on the east coast, spurring outages, panic buying, and pushing gas prices up.

Attackers reportedly got in through an employee’s unused but active virtual private network (VPN) account. There isn’t any evidence that attackers used phishing to get the employee’s password. Instead, the employee’s password appeared in a dark web data dump of credentials from another breach.

In other words, cybersecurity experts are guessing that the employee used the same password when setting up the VPN account as the password for the account in the breached database.

CompTIA Security+ Study Guide

The 601 Version of the Study Guide

The CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide is an update to the top-selling SY0-201, SY0-301, SY0-401, and SY0-501 study guides, which have helped thousands of readers pass the exam the first time they took it. It includes the same elements readers raved about in the previous four versions.

Each of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action.

You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.

Over 300 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes:

A 75 question pre-test
A 75 question post-test
Practice test questions at the end of every chapter.

Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.

If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-601 study guide is for any IT or security professional interested in advancing in their field, and a must-read for anyone striving to master the basics of IT security.

Kindle edition also available.

Organizations Need to Block All Exploits

In contrast, organizations much block all exploits. Ideally, prevention techniques can block ransomware attacks.

Implement zero trust
Monitor all incoming traffic
Monitor all outgoing traffic
Use multifactor authentication
Implement privileged access management
Audit accounts and disable unused accounts
Train employees, but remember it only takes one to click a malicious link (or reuse a password)

The most important thing to do is realize your organization will be attacked by ransomware and your best protection is preparation.