Ransomware Readiness at Samlink

During the first two months of 2023, the Risk & Security Department of Samlink has conducted a technical assessment of its readiness for ransomware attacks. In general, ransomware encrypts information in an organization, and the attackers demand a ransom in exchange for the decryption key. The ransomware attackers have “evolved” their business model and now also steal information, and to increase pressure on the victim the attackers threaten to release the stolen data if the ransom is not paid.

The assessment, done by an external partner, has examined everything from user rights and users in active directory to backups and incident management process. As this article is written Samlink has just received the first draft of the assessment report and is going through the results. The focus of the report is to highlight what we in Samlink can do to minimize the probability of ransomware attacks and what steps can be taken to mitigate the impact of a ransomware attack.

The reason for conducting this assessment is the global increase in ransomware attacks, especially in the light of the ongoing war in Ukraine. This war has led to the emergence of a new type of ransomware that only encrypts information but does not demand a ransom. Its sole purpose is to destroy and cause chaos in an organization.

In parallel to the ransomware readiness assessment, we have internally run through an internal tabletop exercise related to our ransomware playbook. The playbook describes the different phases of a ransomware attack, including detection, analysis, containment, eradication, and recovery, and what actions different stakeholders in Samlink should take during each phase. After some updates at the end of March, it is time to conduct a larger tabletop that also includes Kyndryl, and in April a tabletop that includes our Clients.