Ransomware attacks continue to dominate headlines as a costly and prevalent method of cybercrime. According to a recent study by Sophos, ransomware attacks plagued 51% of organizations, and 73% of these attacks were successful in encrypting data. With essentially a 1 in 2 chance of being hit, it is as important as ever to have a mitigation and recovery strategy in place to protect your business.
Ransomware – defined by the United States Cybersecurity and Infrastructure Security Agency (CISA) as “a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable” – is a major threat to businesses in all sectors and of all sizes. Operating under the advised assumption that you will be hit with a ransomware attack, here are the recommended steps to take when it happens:
Stop the Bleeding
One of the first steps, if not THE first, to take when you’ve been attacked is to isolate the infection and prevent it from spreading within your organization’s network. Of course, the longer the ransomware goes without being detected and stopped, the more it will proliferate and compromise additional systems. Once you suspect you’ve been the target of an attack, you want to take the affected device completely offline as quickly as possible (think wired AND wireless), in addition to removing any externally connected storage devices.
Identify Details and Report to the Authorities
Don’t just rush to rip your device’s power cord from the outlet and power it off, as this can erase potentially valuable evidence that may aid in the recovery process. Oftentimes attacks of this nature are identifiable, and details can be gathered which can help you (and the authorities) understand things like what type of ransomware you’ve been hit with, how it was delivered onto your system, how it spreads, what file types it targets, etc. It is always advised to report as much information as possible to the authorities, such as CISA or the FBI.
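To illustrate gathering details such as which file types were targeted, here is an added example (not part of the original article or any vendor's tooling): a Python script that summarizes affected files from metadata only. The `.locked` extension, the sample file names and the timestamps are constructed, and treating modification times as the approximate encryption window is an assumption.

```python
import os, tempfile
from collections import Counter
from datetime import datetime, timezone

def _iso(ts):
    return datetime.fromtimestamp(ts, timezone.utc).isoformat()

def triage(root, appended_ext):
    """Summarise files carrying the extension the ransomware appended.
    Uses directory listings and os.stat only; file contents are never opened."""
    appended_ext = appended_ext.lower()
    targeted, untouched, mtimes = Counter(), Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            try:
                st = os.stat(os.path.join(dirpath, name))
            except OSError:  # unreadable entry: skip it and keep going
                continue
            stem, ext = os.path.splitext(name)
            if ext.lower() == appended_ext:
                # "report.docx.locked" -> original type ".docx"
                targeted[os.path.splitext(stem)[1].lower() or "(none)"] += 1
                mtimes.append(st.st_mtime)
            else:
                untouched[ext.lower() or "(none)"] += 1
    return {
        "targeted_types": dict(targeted),
        "untouched_types": dict(untouched),
        "first_encrypted_utc": _iso(min(mtimes)) if mtimes else None,
        "last_encrypted_utc": _iso(max(mtimes)) if mtimes else None,
    }

def demo():
    """Build a constructed sample tree (made-up names and times) and triage it."""
    sample = {  # file name -> mtime in epoch seconds (constructed values)
        "q3.xlsx.locked": 1700000000, "plan.docx.locked": 1700000060,
        "notes.DOCX.LOCKED": 1700000120, "app.exe": 1690000000,
        "README": 1690000000,
    }
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "share"))
        for name, mtime in sample.items():
            path = os.path.join(root, "share", name)
            open(path, "w").close()
            os.utime(path, (mtime, mtime))
        return triage(root, ".locked")

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The resulting summary (targeted types, untouched types, first and last modification time) is the kind of detail that can be included in a report to the authorities.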
Cleanse the Infection
While there are software solutions offered by different vendors or sites that could potentially remove the malware from your system, there is always the chance that some remnant or trace of it will persist, especially given the ever-evolving nature of new forms of ransomware/malware. Though it may seem drastic at first (more on that ahead), the safest and most effective method of making sure the threat is entirely eradicated is to wipe your storage devices and start anew with clean installations. Formatting your drives ensures you are starting back up from a clean slate as opposed to continuing on a device that may still be compromised, even though it might appear safe.
Data Recovery and Backups
Since we’ve already established that it is not a matter of “if” but “when”, hopefully your potential losses are mostly, if not completely, mitigated by the backup strategies already in place within your organization. Being prepared for an attack by maintaining a robust backup solution is vital to minimizing or even eliminating the impact, and is why the previously mentioned suggestion of wiping a storage device is not as drastic as it may sound. Think about it – once you are a victim, you typically would have one of two choices: 1) pay the ransom (note: this is usually not recommended) or 2) accept your losses and push on without the data. Both of these options leave you and your company in the loser’s column. However, if you have an offline, resilient, and up-to-date backup solution implemented, such as Continuous Data Protection (CDP), you can restore your newly-wiped machines to just the way they were before the attack.
If your business has ever been the victim of a ransomware attack, hopefully you made it through relatively unscathed. Whether it was a minor inconvenience or a million-dollar payout, it’s important to make sure to take the steps necessary to minimize the chances of being hit again. There are lots of steps that can be taken including antivirus software, EDR solutions, web filtering technology, and phishing & security awareness training to name a few. Remember, the more you do to prepare, the better you can respond.
Let CyberData Pros help you understand where your data sits, access control, and how to protect that data. Contact us now for a free consultation and to learn more about our services.