Experts’ Reaction to UK’s Cybersecurity Agency Releasing Updated Ransomware Policies

In response to new ransomware policies released by the UK’s National Cyber Security Centre, experts offer perspective below.

5 Expert Comments
Dave Jemmett, CEO
InfoSec Expert
March 2, 2020 11:30 am

While offline backups are certainly an important part of any business continuity strategy, they provide limited protection to sophisticated ransomware attacks, as many actors delay activation until their code has been deployed in an environment for an extended period of time (often months), allowing for their code to infect even offline backups. Restoring from an offline copy simply re-installs that software into the environment, only to be re-activated.

Good business practice dictates having several backups. Keeping one from 6 months prior, 3 months prior and the monthly. The monthly backup should be daily snapshots.

The scanning of the servers for threats daily, then back up to multiple locations. Today’s cloud backup storage is inexpensive and can be done in several offsite locations. These backups should be verified and restored periodically for validation. Encrypted backups are also a way to prevent the malware from infecting it if it’s connected to the network.

Javvad Malik, Security Awareness Advocate
InfoSec Expert
February 28, 2020 11:38 am

Offsite backups are important to prepare for any sort of incident, but are even more important in the case of ransomware. However, even backups alone may not be sufficient. We’re seeing ransomware evolve to the point that the criminals steal critical information from organisations when they infect them with ransomware. They then try to extort the company, its customers, and partners for money in order to not release the stolen information.

Therefore, it’s essential that organisations do all they can to prevent ransomware to begin with. This requires a layered approach to make it difficult for criminals to get in such as patching external-facing systems, implementing MFA, encrypting data, and providing security awareness and training to all users.

Dave Jemmett, CEO
InfoSec Expert
February 28, 2020 11:36 am

While offline backups are certainly an important part of any business continuity strategy, they provide limited protection to sophisticated ransomware attacks, as many actors delay activation until their code has been deployed in an environment for an extended period of time (often months), allowing for their code to infect even offline backups. Restoring from an offline copy simply re-installs that software into the environment, only to be re-activated.

Good business practice dictates having several backups. Keeping one from 6 months prior, 3 months prior and the monthly. The monthly backup should be daily snapshots.

The scanning of the servers for threats daily, then back up to multiple locations. Today’s cloud backup storage is inexpensive and can be done in several offsite locations. These backups should be verified and restored periodically for validation. Encrypted backups are also a way to prevent the malware from infecting it if it’s connected to the network.

Baan Alsinawi, Managing Director
InfoSec Expert
February 28, 2020 11:25 am

Encryption! Use encryption for your data backups. Use a separate key for your backup data than the primary storage data, especially when using cloud backup solutions. Less likely that two passwords/encryption methods be compromised at the same time, reduces your risk for recovery of your data after a ransomware incident. This is a best practice recommendation.

Bill Santos, President and COO
InfoSec Expert
February 28, 2020 11:24 am

While offline backups are certainly an important part of any business continuity strategy, they provide limited protection to sophisticated ransomware attacks, as many actors delay activation until their code has been deployed in an environment for an extended period of time (often months), allowing for their code to infect even offline backups. Restoring from an offline copy simply re-installs that software into the environment, only to be re-activated.

Information Security Buzz