Shawn Smith, Director of Infrastructure at nVisium, explains, “Ransomware attacks like this highlight how important, and cheaper, it is to have proper backup and recovery plans. You’re not able to trust the attackers so even if you pay the $20 million for them not to leak the data you have to operate under the assumption that it is compromised, this means changing all passwords, rotating access keys, etc. It’s a sunk cost for an uncertain outcome, and if you already have backups of your data then it’s not one that’s necessary to pay. Proper backups and a defined recovery plan to use those backups makes the road to recovery a much smoother one. You patch the vulnerability that was exploited, clean or replace any infected systems, change any passwords and access keys the attackers might have, and then restore the data from your backups. Once all that is done you can evaluate what was stolen and figure out the businesses next steps for proper disclosure of the breach and alerting users.”

Read entire article here