EMERGENCY INCIDENT RESPONSE
Get Started

Podcast: In the Ransomware Recovery Trenches

Avatar photo
Conor Quinlan

Episode Summary

The impact of ransomware on organizations is well-known. Companies can be coerced into making ransom payments. The business itself could be forced to close. Sensitive customer data can be leaked onto the Dark Web. An impacted organization’s IT environment may have to be rebuilt from scratch. The impact of ransomware to the employees of the impacted organization is not as well known or discussed.

Tony Kirtley is the Director of Cyber Risk Partnerships at Secureworks. He joins the episode to discuss what it is like on the ground when ransomware strikes and employees attempt to recover the environment. Airiam Field CISO/CIO Art Ocain also shares his first-hand experience in the episode. They both recall the extreme emotions that accompany ransomware response. Responsible people at the victim organization can suffer health impacts and hospitalizations from the experience. To get the best outcome from a response engagement, they recommend responders:

  • Set and communicate realistic expectations regarding timelines with senior leadership and board members.
  • Keep calm despite the stressful situation. The impacted organization is often under significant stress. A calm presence helps the team.
  • Work with the right partner who is a master of their domain of expertise. In the case or Secureworks and Airiam, Secureworks deploys their Taegis XDR while Airiam performs “hands-on-keyboard” rebuilding activities as part of the AirRescue™ offering.

Reducing the likelihood of ransomware in the first place is also important. Tony and Art shared some tips for that as well, including:

  • Develop an incident response plan with primaries and backups for each role. The contacts must be aware of the role responsibilities.
  • Patch your systems when updates are available. Tony noted that vulnerabilities were the most common attack vector in a recent report.
  • Get visibility into endpoints using endpoint detection and response software.
  • Diligently understand and configure Active Directory (AD) and the security features it has built in. In 100% of the incidents that Tony has worked on, domain admin access was achieved to deploy ransomware at scale.

In the end, Tony’s takeaway is that companies don’t need to build a massive fortress. IT leaders at organizations need the visibility into their environment and strong walls safeguarding their important assets.

Video Version

Listen to more episodes at www.airiam.com/podcast, on Spotify, Apple Podcasts, Google Podcasts, Amazon Music, and other podcast platforms.

New Resources In Your Inbox

Get our latest cybersecurity resources, content, tips and trends.

Other resources that might be of interest to you.

Airiam Launches New Website and Logo for Bluewater Management Group
Airiam,  announced that they have recently a new website and logo for Bluewater Management Group (bluewatergrp.com), a woman-owned small business born from a military family based in Norfolk, Virginia. The rebranding includes a new simplified logo and
Vivian Lee
>>Read More

Choosing the Right Remote Monitoring & Management (RMM) Tools
It was 4:30 on a typical Friday when the first signs appeared: slow network speeds followed by strange error messages. When Monday morning came around, the entire system was down. Customer data inaccessible. Operations halted. The IT team scrambling to
Avatar photo
webops
>>Read More

Hunting Ghosts in Your Network: The Spooky Role of Pentesters
Late at night, when the office is quiet, and the hum of the servers fills the dark, it may seem like everything is calm. But beneath the surface, hidden in the shadows of your network, are ghosts—lurking vulnerabilities just waiting to be discovered. T
Vivian Lee
>>Read More

130 Buffalo Rd
Suite 103
Lewisburg, PA 17837

(866) 525-8324

Linkedin Youtube

Solutions

Company

Locations

© 2023 All Rights Reserved
Privacy Policy
Master Service Agreement