Ransomware response and recovery
May 5, 2021
Impacts vary but, in many cases, ransomware disrupts businesses for significant periods, or even forces them to suspend operations or close. A growing population of highly capable cyber extortionists is constantly developing new means to counter defenses and to increase the level of disruption they can inflict. Threats are widespread: they extend across industry and the public/private sector, and they affect large and small businesses alike.
Security leaders must understand and counter new ransomware challenges, strengthen defenses across people, processes and technology, and demonstrate why security is critical to the business strategy.
160%
year-on-year increase in ransomware events in 2020, with little sign of any slow-down in early 2021. Source: CIFR intrusion data
US$34M
ransom demanded from one of the world’s largest manufacturers in an attack that encrypted 1,200 servers, stole 100GB of data and deleted 20 to 30TB of back-ups. Source: Bleeping Computer
US$50M
The Accenture Cyber Investigations, Forensics & Response (CIFR) team observed ransom demands ranging from US$100,000 to US$50M in 2020. Source: CIFR intrusion data
Ransom demands are growing and becoming more customized, with threat actors assessing who is more likely to pay. Paying a ransom can open the door to further criminality. Some ransomware operators have been sanctioned, potentially placing a ransom-paying victim in further legal jeopardy.
What can you do now?
Assume that you are already breached—and focus on resilience across the end-to-end value chain.
What can you do next, now that you’ve been hit?
Being resilient means robust processes, training and coordination across the business. Here are some questions you can ask yourself to find the best way forward to mitigate ransomware risk:
WHAT
HOW
WHO