Protect your organization with award-winning firewalls and cyber security solutions that defend SMBs, enterprises and governments from advanced cyber attacks.

Ransomware: How to mitigate Attacks

Ransomware: How to mitigate Attacks

Credit: SonicWall

By Jeff Marshall, Regional Director, ANZ, SonicWall

Ransomware is a form of malicious software that when deployed on a device encrypts a user’s sensitive data. To secure a decryption key or initiate a decryption process, the victim is asked to pay a ransom to the attacker, usually in the form of cryptocurrency such as Bitcoin.

The amount demanded by attackers can vary, with ransoms typically in the range of $200 to over $100,000, depending on the size of the enterprise and the value of the data held for ransom.

The rise of cryptocurrency today has become the answer ransomware and other malware developers had been waiting for. Bitcoin and similar technologies allow for a far simpler, anonymous, more streamlined and dynamic payment architecture for criminals, who can now use these blockchain-based currencies to control ransom demands over time and collect and manage all payments digitally. 

Planning for a Ransomware Attack

Organisations should prepare for a possible ransomware incident by creating all the relevant components for an incident response management process. They need to consider specific ransomware responses and recognize that existing IR plans might not be applicable to ransomware incidents due to the combined possibilities of encryption, loss of access to critical system files and services and data breach notification issues.

Few key elements which should be considered when planning and preparing for a ransomware incident:

1. Preparing an Incidence Response Policy: 

Preparing an incident plan to help be prepared in case of an attack is the most sensible thing a company can do as a start. The following are some crucial questions that a robust policy document must have answers to:

  • Preparation phase: How are staff trained and prepared? What tools and resources are they armed with to respond to ransomware incidents?
  • Identification phase: How do you recognize and detect a ransomware incident? How do you go about understanding the strain of ransomware, attack vector, attack group and real motivation?
  • Containment phase: How will you contain the incident from spreading to network shares and other connected devices?
  • Eradication phase: How will you perform a forensic analysis of data to determine the cause of the incident, remove the ransomware from infected devices, patch vulnerabilities and update protection?
  • Recovery phase: How will you return to normal operation and in what time frames?
  • Post-Incident phase: After the incident is resolved, what can you learn to prevent it from happening again in the future?  How will you document the incident?  How can you monitor to stop repeat performances or further connected activities? How can you improve and update organizational threat intelligence feeds?

 2. Recruitment:
Secondly, teams would need specific skills, knowledge and access to relevant system tools and technologies to effectively detect, investigate and respond to a probable attack. This may include outsourced help as well as non-technical staff like executives, PR and media teams.

 3. Define Roles and Responsibilities:
Prepare documentation that clearly states the roles, responsibilities and processes. Clarity makes for timely action and eliminates confusion in a time-sensitive ransomware infection.

4. Create a Communication Plan:
The entire response team should know who to contact, why and when during an incident. What information will be required in the first stages of a detection?

5. Test your Incident Response Plan:
Identify which are the most sensitive assets and what are the critical security incidents the team should focus on. Roll play, tabletop and test the incident response plan to identify any weaknesses proactively.

6. Review and Understand Policies:
Review and consider changes and updates to existing policies/procedures to ensure they are fit for purpose relating to ransomware. 

Latest research shows that sophisticated threat actors are tirelessly adapting their tactics and embracing ransomware to reap financial gain and sow discord. With remote working still widespread, businesses continue to be highly exposed to risk and criminals are acutely aware of uncertainty across the cyber landscape. It’s crucial that organizations move towards more modern Boundless Cybersecurity solutions to protect against both known and unknown threats. An important way to stop ransomware is to have a very strong endpoint security solution.

For more information please reach out to Jeff Marshall, Country Manager & Regional Director - ANZ, SonicWall +61477 040 118

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags ransomware attacksransomware defense

More about ANZIRMarshallSonicWallTest


EDGE 2023

EDGE is the leading technology conference for business leaders in Australia and New Zealand, built on the foundations of collaboration, education and advancement.


ARN has celebrated gender diversity and recognised female excellence across the Australian tech channel since first launching WIICTA in 2012, acknowledging the achievements of a talented group of female front runners who have become influential figures across the local industry.

ARN Innovation Awards 2023

Innovation Awards is the market-leading awards program for celebrating ecosystem innovation and excellence across the technology sector in Australia.

Show Comments