Responding against a ransomware attack resulting to a data breach

It is common news that the implications and costs of cyberattacks are significant and damaging to the victim, both on an individual or business level. In fact, our Kaspersky IT Security Economics 2020 report showed that, on global average, a breach costs an enterprise $1.09m and a small to medium-sized business (SMB) $101k in 2020. However, with the world becoming increasingly digital, and cyberthreats more complex and sophisticated, there is a growing need to protect oneself from falling victim to cybercrime.

For instance, ransomware attacks in Southeast Asia detected by Kaspersky researchers revealed that since 2018, the number of ransomware detections (prevented attacks) in the region – Singapore, Indonesia, Malaysia, Philippines, Thailand, Vietnam – actually decreased. 2018 saw the highest number of detections recorded at 4,185,703 prevented attacks, where detected incidents in 2017 fell to 3,865,645, and further decreased to 1,418,085 in 2020. 

However, while these numbers reflect a decreasing ransomware incident trend, we also see the extent of attacks and severity of each attack to be increasing. These ransomware attacks have also become more high profile, and from what we observe so far, there is no clear indication that specific industries are being targeted. What we have seen are that companies with a huge repository of customer data will continue to be targets.

What to do if you experience a security breach

Organizations that suffered breaches may affect their customers’ personal information so as a customer of a major company affected by a cyberattack that resulted to a data breach, act quickly to ensure your safety. Remember that a security breach on one account could mean that other accounts are also at risk, especially if they share passwords or if you regularly make transactions between them.

• If a breach involves your financial information, notify your banks immediately.
• Change the passwords on all your accounts. If there are security questions and answers or PIN codes attached to the account, you should change these too.
• You might consider a credit freeze. This stops anyone using your data for identity theft.
• Check your credit report to ensure you know if anyone is applying for debt using your details.
• Try to find out exactly what data might have been stolen. That will give you an idea of the severity of the situation. For instance, if tax details and SSNs have been stolen, you'll need to act fast to ensure your identity isn't stolen. This is more serious than simply losing your credit card details.
• Don't respond directly to requests from a company to give them personal data after a data breach; it could be a social engineering attack. Take the time to read the news, check the company's website, or even phone their customer service line to check if the requests are legitimate.
• Be on your guard for other types of social engineering attacks. For instance, a criminal who has accessed a hotel's accounts, even without financial data, could ring customers asking for feedback on their recent stay. At the end of the call, having established a relationship of trust, the criminal could offer a refund of parking charges and ask for the customer's card number in order to make the payment. Most customers probably wouldn't think twice about providing those details if the call is convincing.
• Monitor your accounts for signs of any new activity. If you see transactions that you don't recognize, address them immediately.

Organizations of all sizes are urged to follow the advice below in order to help them mitigate cyberattacks and potentially reduce costs if they suffer a data breach:

• Plan your breach recovery strategy. The best time to prepare for recovery from a breach is before it happens. Take one step today, maybe start to look at how your organization would detect a breach, or how you can test the detection capabilities you have.

• Ensure the organization is using the latest version of its chosen operating systems, with auto-update features enabled to ensure the software is always up to date.
• Adopt endpoint solutions, like Kaspersky Integrated Endpoint Security. It enables vulnerability assessment and patch management, to reduce the risk of vulnerabilities being exploited by cybercriminals. This can automatically eliminate vulnerabilities in infrastructure software, proactively patch them and download essential software updates. It also provides behavior detection and exploit prevention mechanisms that discover and stop suspicious endpoint activity.

• Educate employees on the importance of regularly updating technology and software. For example, IT training courses from the Kaspersky Automated Security Awareness Platform and Kaspersky Adaptive Online Training cover this topic.
• Invest in building a cyber-aware culture. Strengthen cyber-awareness training for all employees. This can help your employees work together more effectively in the face of a common cybercriminals, and appreciate the difficulties the security team faces keeping the organization safe.

Protection against ransomware – what companies should pay attention to

As with other forms of malware, careful action and the use of excellent security software are steps in the right direction when it comes to combatting ransomware. Of particular importance with regard to this type of malware is the creation of backups, as this allows you to be well prepared even in a worst-case scenario.

In addition, Kaspersky encourages organizations to follow these best practices that help you safeguard your organization:

• Always keep software updated on all the devices, to prevent attackers from infiltrating your network by exploiting vulnerabilities.
• Focus your defense strategy on detecting lateral movements and data exfiltration to the internet. Pay special attention to the outgoing traffic to detect cybercriminals’ connections. Set up offline backups that intruders cannot tamper with. Make sure you can quickly access them in an emergency when needed.
• Enable ransomware protection for all endpoints. There is a free Kaspersky Anti-Ransomware Tool for Business that shields computers and servers from ransomware and other types of malware, prevents exploits and is compatible with already installed security solutions.
• Install anti-APT and EDR solutions, enabling capabilities for advanced threat discovery and detection, investigation and timely remediation of incidents. All of the above is available within Kaspersky Expert Security framework.
• On top of end point and awareness, also talk about investing in a security team and SOC, and get access to threat intelligence information and regularly up-skill them with professional training, as well as have threat hunting software to identify breaches by aggressive criminal groups.