Ransomware Attack! What You Should Do Next

Ransomware Attack! What You Should Do Next

Ransomware attacks continue to dominate headlines as a costly and prevalent method of cybercrime. According to a recent study by Sophos, ransomware attacks plagued 51% of organizations, and 73% of these attacks were successful in encrypting data. With essentially a 1 in 2 chance of being hit, it is as important as ever to have a mitigation and recovery strategy in place to protect your business. 

Ransomware – defined by the United States Cybersecurity and Infrastructure Security Agency (CISA) as “a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable” – is a major threat to businesses in all sectors and of all sizes. Operating under the advised assumption that you will be hit with a ransomware attack, here are some recommended steps as to what you should do next:

Stop the Bleeding

One of the first steps, if not THE first, to take when you’ve been attacked is to isolate the infection and prevent it from spreading within your organization’s network. Of course, the longer the ransomware goes without being detected and stopped, the more it will proliferate and compromise additional systems. Once you suspect you’ve been the target of an attack, you want to take it completely offline as quickly as possible (think wired AND wireless), in addition to removing any externally connected storage devices. 

Identify Details and Report to the Authorities

Don’t just rush to rip your device’s power cord from the outlet and power it off, as this can erase potentially valuable evidence that may aid in the recovery process. Oftentimes attacks of this nature are identifiable, and details can be gathered which can help you (and the authorities) understand things like what type of ransomware you’ve been hit with, how it was delivered onto your system, how it spreads, what file types it targets, etc. It is always advised to report as much information as possible to the authorities, such as CISA or the FBI. 

Cleanse the Infection

While there are software solutions offered by different vendors or sites that could potentially remove the malware from your system, there is always the chance that some remnant or trace of it will persist, especially given the ever-evolving nature of new forms of ransomware/malware. Though it may seem drastic at first (more on that ahead), the safest and most effective method of making sure the threat is entirely eradicated is to wipe your storage devices and start anew with clean installations. By formatting your drives, it ensures you are starting back up from a clean slate as opposed to continuing on a device that may still be compromised, even though it might appear safe. 

Data Recovery and Backups

Since we’ve already established that it is not a matter of “if” but “when”, hopefully your potential losses are mostly, if not completely, mitigated by the backup strategies already in place within your organization. Being prepared for an attack by maintaining a robust backup solution is vital to minimizing or even eliminating the impact, and is why the previously mentioned suggestion of wiping a storage device is not as drastic as it may sound. Think about it – once you are a victim, you typically would have one of two choices: 1] Pay the ransom (note: this is usually not recommended) or 2] accept your losses and push on without the data. Both of these options leave you and your company in the loser’s column. However, if you have an offline, resilient, and up-to-date backup solution implemented, such as Continuous Data Protection (CDP), you can restore your newly-wiped machines to just the way they were before the attack. 

If your business has ever been the victim of a ransomware attack, hopefully you made it through relatively unscathed. Whether it was a minor inconvenience or a million-dollar payout, it’s important to make sure to take the steps necessary to minimize the chances of being hit again. There are lots of steps that can be taken including antivirus software, EDR solutions, web filtering technology, and phishing & security awareness training to name a few. Remember, the more you do to prepare, the better you can respond.

Let CyberData Pros help you understand where your data sits, access control, and how to protect that data. Contact us now for a free consultation and to learn more about our services.

read more

VCPO Services That Make Sense

Let’s face it; privacy can be a pain for businesses. It can feel like a burden on your company’s time and resources, and be overwhelming to manage with mountains of governmental oversight and regulation to navigate. As the digital age continues forward, it has become more and more obvious that these are not just growing pains that will simply go away. If you own or manage a small to medium sized business, this fact is likely something that has more than just crossed your mind over recent years as you continued to grow. You may be asking yourself; “Am I prepared to handle this data?”, “What kind of risks am I currently accepting?”, “How do I know if my business is handling compliance in a proper way?”.

Enter the Chief Privacy Officer or CPO. The CPO role is designed to answer all these questions, as well as alleviate the burden of data privacy and security compliance. This includes an ever-growing list of international and domestic privacy regulations such as GDPR (General Data Protection Regulation), CCPA (California Consumer Privacy Act), CPRA (California Privacy Rights Act), CPPA (Canadian Consumer Privacy Protection Act), VCDPA (Virginia Consumer Data Privacy Act). A CPO possesses the expertise to build and guide a business through these arduous security and privacy processes. This encompasses simpler things such as a privacy policy, all the way to the not-so-simple things like international consumer data laws and security compliance for the company’s entire network and data infrastructure.

As you might imagine, a role like this is not filled easily, nor cheaply. CPO’s often have decades of experience with paychecks to match, and are in increasingly high demand with the exponential growth of digital and international market spaces. So how is a small to medium business expected to acquire one? Can your business support another C-level paycheck? How about another big, expensive office space? What about supporting staff and equipment? You can see how quickly hiring and implementing a CPO can become a struggle in its own right, especially when you may already be stretched thin in a period of rapid growth, ie, when you might need one the most. Well, there’s a solution for that as well.

Modern problems require modern solutions, which is exactly what a vCPO, or virtual Chief Privacy Officer is meant to be. A vCPO, sometimes referred to as CPO-as-a-Service, can offer experience, knowledge, and expertise in the data privacy and security field that so many quickly growing businesses need, without the daunting costs, resource drain, and complexity associated with building what amounts to an entire new division of the company. The vCPO can offer any and all solutions a traditional CPO can. This includes understanding and implementing both international and domestic privacy regulations, company data ethics and practices such as handling PII (Personally Identifiable Information), as well as incident response planning and documentation. So what allows a vCPO to do all this and still save money? The answer is scalability. A vCPO solution can grow, shrink, and customize itself to the exact needs and challenges of your business as it stands, and as it changes. It brings its own support and resources to you in a neat and tidy package, giving you the ability to focus on growth, and getting privacy and security out the way!

If you feel have additional questions or need a virtual Chief Privacy Officer, contact CyberData Pros and we can help. Let us help put together a plan and keep your business in full compliance.

read more