• 1000

Ransomware attacks on corporate networks are on the rise around the globe, thus becoming a growing threat. This causes significant damage to the economy. We are constantly reading about such attacks and their effects, even in Germany. For example, media companies have been affected on several occasions, resulting in their publications not appearing or appearing only with reduced content.

Challenges posed by a ransomware attack

In ransomware attacks, malware the encrypts company data is implanted in the network. The attackers demand payment of a ransom (usually in cryptocurrencies such as Bitcoin) for the data to be decrypted again.

The compromised company can either meet the demand - in the hope of actually gaining access to its data again - or try to restore the data in another way, for example, via backups. But beware: Paying a ransom often does not lead to the desired goal.

Cyber extortion is becoming more sophisticated and complex. This is particularly true of the operational technology (OT), in which physical processes are usually involved. In severe cases, it may take days or weeks for operational restrictions to be remedied.

Risk-aligned OT security is therefore crucial for a resilient business operation. This also means that companies can respond appropriately in the event of an attack. Effective processes must be developed, implemented and regularly reviewed in order to be prepared in the event of an emergency.

Companies need effective response and recovery processes.

The relevant steps for an effective response and recovery plan are explained in our paper “The day after” (in English).

Such a plan should cover two aspects:

  1. a well-prepared response to cope with the immediate impact of the attack on operations and to manage the costs - the first 72 hours are crucial,
  2. recovery from the attack as quickly as possible, i.e. rapid restoration of proper business operations.

At the same time, it is important to draw conclusions from an attack to optimise cybersecurity: How was the attack able to be carried out? Where was the weakness in the company network? And what can be done to eliminate - from a hacker's point of view - successful attacks in the future as much as possible?

“The day after” provides important information on effective internal response and recovery processes and recommended actions so that companies can recover quickly on their OT after a cyberattack, increase their security and be resilient.