Instead of giving in to ransomware, focus on rebuilding your network with better defenses. It’s more beneficial to invest the ransom money in strengthening your security measures to prevent future attacks.
This is a valuable lesson from the British Library report titled Learning Lessons From The Cyberattack, which examines the ransomware attack the institution faced in October 2023.
Those interested in ransomware should study this post-incident report. While ransomware attacks are common nowadays, organizations rarely share their experiences and lessons learned, especially in the public sector.
Key Points:
Weak Server Vulnerability
The attackers likely entered through a vulnerable Windows Terminal Services server that lacked multi-factor authentication, providing them easy access to the network to steal sensitive data.
Easy Movement and Data Theft
The attackers could easily navigate the network, copying 600GB of employee and user data using keyword searches and other methods, causing a significant data breach.
Challenges in Data Management
Identifying which data had been compromised created a massive workload for the security team, work that could require years of effort. This highlights the importance of data management in the aftermath of a ransomware attack.
Impact on Servers
Ransomware gangs often damage servers to pressure victims into paying, disrupting restoration efforts. The library’s infrastructure was severely affected, hindering data restoration.
Permanent System Changes
The attack permanently altered the library’s systems, making it impossible to restore them to their pre-attack state, necessitating new secure infrastructure and software systems.
Recovery Costs and Legacy Risks
While recovery costs were substantial, some were offset by advancing security upgrades. Legacy technology vulnerabilities prolonged recovery, emphasizing the need to modernize infrastructure.
Cloud Migration and Communication Tools
Moving to cloud systems can mitigate risks associated with on-premises systems. Efficient communication tools like WhatsApp were vital during the attack, facilitating uninterrupted communication among staff.
Transparency and Public Disclosure
Publicly sharing the report demonstrates transparency and accountability, setting an example for meaningful disclosure in cyber incidents. The British Library’s openness in sharing its experience is commendable.