What You Need to Know About Ransomware Attacks
Ransomware is an ever-evolving form of malware designed to encrypt all files on a device, making them unusable. The malicious actors then demand ransom in exchange for decryption. The incentive to pay is either that the data is needed to keep your business operational or that the threat of leaking the data – including authentication information – is far too great. These are skilled hackers who know most small business owners can’t afford a $100,000 ransom, so they demand an amount that is just tempting enough to make the problem “go away”.
Ransomware is most often spread through a phishing scam (“fishing”) or drive-by downloads, which are installed without the user’s knowledge. Ransomware compromises systems and data, but the attacks that lead up to it target people. Like most cyber-attacks, ransomware usually requires someone to act on the attacker’s behalf, such as opening an attachment or clicking a URL.
According to Cybersecurity Ventures, ransomware attacks are on the rise globally with an estimated cost to organizations of $20 billion by the end of 2021. In the last quarter of 2020, the average ransomware demand increased to $84,116 per incident, with the highest reported payment of $780,000. A Ponemon poll shows that most companies are ill-prepared for a ransomware attack. Although 66% of those surveyed agree that ransomware is “very serious,” only 13% said their company is adequately prepared for it.
While the best defense is an offense, you must also be prepared to act if you are attacked.
Maintain an Offline Backup of Data
Almost all of the data recovery requests we receive after a ransomware infection involve a backup that was also infected. This means most businesses that keep backups are running and storing them on the same network, allowing hackers to access backups as well as primary data. Storing a backup off the network is one of the safest options to ensure there is always at least one reliable backup available.
Call Law Enforcement
Ransomware—like any form of theft and extortion—is a crime. Notifying the proper authorities, such as the FBI, is a necessary first step.
Disconnect from the Network
The moment employees see the ransomware demand or notice something odd, they should disconnect from the network. Only IT professionals should try to find out if the attack is real or a fake scare-ware malware designed to prompt a telephone call to a group that can help remove the ransomware. If several systems appear impacted, take the entire network offline at the switch level. This is the most efficient means to disconnect all individual systems during an incident. If taking the network temporarily offline is not easily carried out, find the network cable and unplug each device from the network; don’t forget to turn off Wi-Fi as well. Many ransomware infections are the result of secondary infections on already compromised networks. That means each of these factors is critical in assessing the scope of the problem and preventing further infections and data loss.
Orchestrate a Response
A big part of your response is deciding whether to pay the ransom. The answer is complicated and may require you to consult law enforcement and legal counsel. In some cases, paying may prove unavoidable. In any case, organizations must proceed thoughtfully.
Restore From Backup
The only way to completely recover from a ransomware infection is by restoring everything from an uninfected backup. But even with recent backups, paying the ransom may make more financial and operational sense.
Conduct a Top-to-Bottom Security Assessment
A top-to-bottom security assessment will find threats that may still linger in your environment. Take a hard look at your security tools and procedures—and where they fell short.
Some ransomware is delivered through other threats or backdoor Trojans that can lead to future attacks. Often, the victim’s environment was already compromised, opening a door for the ransomware. Look closer for hidden threats that you may have overlooked in the chaos.
Educate Employees
It is critically important to conduct regular and comprehensive cybersecurity awareness training for employees. There is a range of learning methods to help raise awareness of cybersecurity threats, which ultimately reduces the risks associated with cyber-attacks and embeds a culture of security compliance in your organization.
Review your threat preparedness, the chain of events that led to the infection, and your response. Without figuring out how the ransomware attack got through, you have no way of stopping the next attack.
If you’re concerned about the cybersecurity at your company, or you just want to know if these vulnerabilities exist on your mail server, contact us. We can tell you right away what your risks are. Roark Tech Services offers a free cyber-fit assessment that can determine where your business is vulnerable and help you create a plan around best practices that will not only keep you safe but also demonstrate compliance with state laws.