Lessons from Transnet: Is your business prepared for a ransomware attack?
A recent media briefing by Minister Pravin Gordhan revealed that to date, only 90% of Transnet’s systems are up and running following the devastating ransomware attack that brought down SA’s biggest rail, port and pipeline company a month ago.
According to Mike Styer, country manager at GlassHouse South Africa, the financial and reputational damage is very real, particularly in the light of a Force Majeure.
“Rumblings within industries that rely on Transnet show that the paper-based services that many are now having to use while Transnet recovers have been highly frustrating and inefficient. Many businesses are reporting significant delays in the processing of cargo and the releasing of freight,” he says.
He cites several examples of the residual damage that has emerged over this time, including trucks standing idle while waiting for goods to be released, perishable goods expiring, and businesses facing late deliveries and possible penalties due to goods being delayed. Moreover, many ships were anchored for days or weeks waiting to offload cargo at ports.
Styer says the fact that the largest port in Africa was paralysed for more than 10 days and crippled for several weeks shines the light on the need to find better and more reliable ways to protect SA organisations from ransomware.
Although the damage is done, the staggered recovery of Transnet’s systems is expected, mainly because many sophisticated ransomware strains have a dormancy period of weeks or even months, enabling them to replicate across an organisation’s backups and recovery services before activating.
This, says Styer, means that when services are restored from backups, the restored systems can still be infected.
“With Transnet’s staggering recovery, it could mean they are trying to avoid exactly that, but after almost a month, customers are getting understandably antsy. That said, it's heartening to see that no ransom has been paid.”
Planning for recovery
Styer says a well-thought-out plan for recovery in the event of a cyber attack of this nature is critical, and although planning can be tricky, it has to be done. For most businesses in SA, it’s a matter of when, not if, they will face a ransomware attack.
According to Sophos research, 24% of businesses surveyed in SA say they were hit by a ransomware attack over the last year, and only 11% of those were able to recover all their data in a reasonable timeframe.
"The fact that the largest port in Africa was paralysed for more than 10 days shines the light on the need to find better ways to protect SA organisations from ransomware."
Mike Styer, GlassHouse.
Key to being prepared for a ransomware attack is ensuring the business has an immutable copy of its data and that this copy is air-gapped away from the business’s systems, users and network.
“This is part of the creation of a cyber recovery vault, a place to store critical data while protecting it from the outside world and stealth attack.”
In addition, Styer says using the right technology will enable the organisation to scan any added data with machine learning technologies and AI to pinpoint any anomalies that might enable ransomware to hide out in that data, waiting to pounce.
Finally, he says: “Cyber recovery as a discipline needs to form part of business resilience planning, similar to what backup and recovery, business continuity and business resumption planning have become over the years.”
This article originally was published on August 23rd, 2021 on ITWeb.