Trustwave Government Solutions Attains StateRAMP Authorization. Learn More

Request a Demo

Trustwave Government Solutions Attains StateRAMP Authorization. Learn More

Request a Demo
Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

View All Trustwave Services
Solutions
BY INDUSTRY
BY REGULATION
BY TOPIC
Microsoft Security
Unlock the full power of Microsoft Security
Offensive Security
Solutions to maximize your security ROI
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
We reduce cyber risk and fortify organizations
Awards and Accolades
Recognition by analysts and media outlets
Trustwave SpiderLabs Team
Global researchers, ethical hackers, and responders
Trustwave Fusion Security Operations Platform
Unprecedented security visibility and control
Trustwave Security Colony
Access to cybersecurity threat protection resources
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
Register
Login
Resources
BLOGS
UPCOMING
MEDIA & ASSETS
NOTICES
HELP

Your Money or Your Data: Ransomware Readiness Planning

Change theme to light Your Money or Your Data: Ransomware Readiness Planning
2 Minute Read by David Broggy

Today’s blog installment brings us to the end of our 30-week journey that covered 30 cybersecurity topics that I felt would be of interest to a wide variety of security practitioners, such as Security Architects, Security Admins, and Security Auditors. I hope everyone found it as helpful as I found it to write.

So, let’s move on with our last topic.

There are so many expressions like “a stitch in time saves nine,” referring to how doing something immediately is better than the consequences that could happen if you do nothing. Ransomware Readiness Planning is all about ‘doing something in preparation for potential disaster.” In fact, ransomware is so common it has its own defense methodology, used by compliance standards like NIST, ISO, and GDPR.

Ransomware readiness processes can be broken into the following steps:

  • Prepare
  • Respond
  • Recover

Let’s talk about each of these 3 steps.

 

Prepare

There are many ransomware preparedness guides available, so it’s not necessary to build one from scratch. For example, CISA has its 'stop ransomware readiness guide' and Cyberreadiness.org has a ransomware playbook. Microsoft’s Rapid Modernization Plan (RaMP) is a great resource for security modernizations based on Zero Trust principles. RaMP includes a Ransomware Readiness guide that’s easy to understand and provides many use case examples.

Image 1 Microsoft’s ransomware protection steps

Image 1: Microsoft’s ransomware protection steps

 

All the steps for ‘prepare’ are well described in RaMP:

  • Adopt a Cybersecurity framework
  • Prioritize mitigation
  • Make it harder to get in
  • Limit the scope of damage
  • Prepare for the worst
  • Promote awareness and ensure there is no knowledge gap
  • Ensure that you have appropriate technical controls in place
  • Establish an incident handling process
  • Prepare for a quick recovery

 

Respond

The ‘respond’ steps can be found here:

  • Contain affected systems until they can be remediated
  • Disable compromised accounts
  • Perform root cause analysis
  • Apply relevant patches and configuration changes on affected systems
  • Block ransomware communications using internal and external controls
  • Purge cached content

 

Recover

One process on the steps for ransomware recovery is here. Recovery is dependent on the resources from which the data was stolen. For example, if the file(s) were taken from SharePoint, the recovery may involve recovering a specific version of those files from SharePoint (online) or an Azure backup session (on-prem).

 

Ransomware Protection Use Cases

In terms of use cases, it can be useful to organize your defensive solutions in a table as shown below.

People tend to relate better to use cases than rules and regulations. There’s a great ransomware walkthrough example here from Microsoft.

Or consider creating a table for mapping specific conditions to solutions, as shown below.

As new use cases arise, refer to this table or add new sections as needed.

Include the table in your ransomware readiness processes/procedures as a planning and discussion tool.

For more granular tracking, extend the table columns with roles/responsibilities for each associated data owner.

Table 1 Ransomware Readiness Use Cases and Tracking Table

Table 1: Ransomware Readiness Use Cases and Tracking Table

 

Summary

Not having recovery plans in place is a recipe for disaster (and dismissal). Ransomware readiness solutions are well-documented and built into many modern security solutions. Ultimately, protecting against ransomware is everyone's responsibility, underlining the importance of collective action in keeping your data secure.

References

 

About This Blog Series

Follow the full series here: Building Defenses with Modern Security Solutions

This series discusses a list of key cybersecurity defense topics. The full collection of posts and labs can be used as an educational tool for implementing cybersecurity defenses.

 

Labs

For quick walkthrough labs on the topics in this blog series, check out the story of “ZPM Incorporated” and their steps to implementing all the solutions discussed here.

 

Compliance

All topics mentioned in this series have been mapped to several compliance controls here.

About the Author

David Broggy is Senior Solutions Architect, Implementation Services at Trustwave with over 21 years of experience. He holds multiple security certifications and won Microsoft's Most Valuable Professional (MVP) Award for Azure Security. Follow David on LinkedIn.

ABOUT TRUSTWAVE

Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.

Latest Intelligence

Exposed and Encrypted: Inside a Mallox Ransomware Attack
The Willy Wonka World of Application Security Defenses
The Bug Stops Here: Using DevSecOps Workflows for Pest-Free Applications

Discover how our specialists can tailor a security program to fit the needs of
your organization.

Request a Demo