Targeted ransomware attacks with larger ransom demands have persisted as a fixture of the news cycle and scourge for security practitioners and business leaders alike over the last two years. And because, unfortunately, these types of attacks show no signs of slowing down anytime soon, having an adequate incident response (IR) plan prepared is essential. Here are some common pitfalls to avoid when developing your ransomware IR plan:
1. Using a traditional incident response plan without tailoring it to ransomware
Traditional IR plans are no match for ransomware. Unlike with many other types of cyber incidents, restoring business continuity following a ransomware attack is about much more than simply re-imaging the infected machine, halting any lateral spreading of malware, and patching a vulnerability exploited in the attack.