Q&A

Q&A with Karinne Bessette: Ransomware Tips for All

A top Veeam technologist shares what critical first steps IT must take during a ransomware attack. Above all else: Don't pay the ransom.

• By Gladys Rama
• 09/07/2021

News of emerging ransomware attacks have been a dime a dozen lately, with everything from mom-and-pop shops to government agencies falling prey. But for all its pervasiveness, ransomware is one threat that a lot of organizations just don't seem to have a good plan for.

For IT pros looking for practical advice to get ahead of ransomware, a good place to start is an upcoming Live! 360 session called "Ransomware Tips for All" hosted by Microsoft Azure-certified expert Karinne Bessette and Microsoft MVP Rick Vanover as part of the Live! 360 conference taking place Nov. 15 to 19 in Orlando, Fla. Bessette and Vanover will cover all the bases of making an organization more resilient against ransomware threats, from user education, to recovery, to how Microsoft technologies can help IT beat back attackers.

In a taste of what's to come in the session, Bessette recently shared with us her takes on the current state of ransomware -- including the worst possible thing an organization can do.

Redmond: So, pay or don't pay?
Bessette: Never pay. Many countries have rules where you can be sanctioned for paying and funding terrorists. Sometimes even when you pay, it is so slow to decrypt that you end up restoring from backups anyway.

We'll provide advice on how to prepare to have the ability to have control over your data before an incident happens.

Have ransomware attacks changed now that more employees are working remotely?
Short answer, yes. Long answer: There are more devices (device sprawl), vulnerable home networks and a lack of training for this kind of situation, both for users and admins. Additionally, remote access is one of the most exploited modes of entry.

What are the first immediate steps to take if you think your organization is in the midst of a ransomware attack?
Isolation is the first practical step. This can start with disconnecting network access and shutting down affected servers. Evaluate the extent of the damage and initiate the proper stakeholders for your scenario disaster recovery plan.

Also, make sure you know who to call. Do you have a cybersecurity expert to reach out to? Do you have support offerings from key components of your environment? During an incident, precious time cannot be wasted.

What's the absolute last thing you should do if you're hit by ransomware?
Pay the ransom. The reason this continues to be a pain to administrators over the globe is because ransomware is a profitable business. There are pages on the dark Web dedicated to selling information and vulnerabilities that can be found in current and unpatched networks. This has made it easy for low-level hackers and script kiddies to become more dangerous.

Creating a disaster plan that mitigates at all possible turns paying the ransom is the best way to fight the spread, because as long as ransomware continues to be profitable, people will keep doing it.

Any ransomware horror stories? What's the worst response to a ransomware attack you've seen from an organization?
In the course of our practice, we've seen a number of incidents that have been a successful recovery, but also some things not go so well. We've also seen things get resolved because of "luck," and that should never be part of the solution.

One organization paid the ransom as that was just "quicker" than dealing with the complexity of their recovery tools. This is not the expectation of the world we live in today.

What makes an organization particularly vulnerable to ransomware, or attractive to attackers?
Not taking a layered approach to protecting against all forms of ransomware, from your network to disaster recovery. Additionally, IT pros need to be made aware of the common attack vectors.

What's the one thing IT pros misunderstand the most about ransomware attacks?
It's not a matter of if but when will it happen, There's a need to test disaster plans because you never know unless you test your plan. IT pros also need to realize that there are actionable steps to take now to avoid having to manage a disaster later. This session will provide practical advice to prepare to deal with the threat and response.

Ransomware is a continuous learning perspective. In the session, we'll share the latest tips and tricks from experts who have made ransomware resiliency part of their focus and area of expertise. The advice will be broken down into simple, actionable steps to ensure you have the ability to remediate a ransomware threat to the best extent possible.