So, here is the scenario: you’re sitting at your desk working away and suddenly realise an attacker has taken over your screen. The threat actor is now demanding a hefty payment in exchange for releasing access to the system. You immediately report the incident to the Chief Information Officer and wait nervously to see what happens next. How will your organisation respond to this ransomware attack? Typically, most organisations would pay the ransom to get their confidential and sensitive data back in their hands – as it might seem like the least expensive option. If they take this decision, will it then stop the attacker from leaking the information if they wanted to? No, it would not! So how do you protect your organisation after the attack? Let us start by identifying how the attack happened in the first place.
How did we get into this ransomware situation?
There are several ways to trigger a ransomware attack and the most popular one is to deliver phishing emails to individuals’ company inboxes. A phishing email may contain a malicious link connected to malware, and if an employee clicks on the link, this could lead the malware to establish a foothold and spread across the entire system – giving the attackers precisely what they want. But why did the employee click on the malicious link? One reason is that the number of phishing emails doubled in Q1 of 2020 (due to working from home) and it’s still rising in 2021, as reported by the Anti-Phishing Working Group. Now that seems worrying. A second reason is that threat actors are getting cleverer at inserting malware into Office documents attached to the emails. A recent report by Netskope stated that in Q1 of this year, 43% of all malware downloads were delivered through Office documents.
So with all these statistics and the odds stacked against organisations trying to avoid an attack, you must be looking for a ransomware readiness and recovery plan. The good news: the Crew has advice on what to do after ransomware hits.
5 tips to help you say ‘back-off’ and ‘goodbye’ to Ransomware attacks
1) Double triple check you have been hit by Ransomware
You could come across several unusual pop-ups on your screen, but it does not necessarily mean that you have been hit by Ransomware. Most of the time, Ransomware attackers will identify themselves when the malware asks for payment.
Identifying the Ransomware will help you understand what sort of Ransomware you have been hit by, how it spreads, what kinds of files it encrypts, and perhaps what the options are for removal and disinfection. It will also enable you to report the attack to the authorities, which is recommended.
2) Isolate the ransomware attack
Speed in recognising a Ransomware attack is critical for stopping fast-moving attacks before they succeed in spreading to sensitive data across networks.
So, what should you do? When a device is suspected of being attacked, the smart thing to do is to isolate it from other devices and storage: disconnect it from the network, both wired and WiFi, and from any external storage devices. Threat actors eagerly seek connections with other devices or networks, so you must prevent that from occurring.
Tip: The Ransomware may have entered through multiple devices in your organisation or home, so you must investigate every device with suspicion.
3) Figure out the removal of ransomware
What you should try to AVOID is paying the ransom, if possible. This only encourages threat actors to commit more crimes. Let us look at it this way: it is like inviting burglars into your property monthly to rob you. Who does that?
This leaves you with two options: trying to remove the malware, or wiping your entire system and reinstalling it from scratch.
Tip: Recent research shows that organisations who paid the ransom were only able to recover 65% of their files, so it is not guaranteed you will get your files back.
4) Notify your employees
No matter how big or small the Ransomware attack is, your business will be disrupted. If your business falls victim to Ransomware, it is essential to have an emergency plan in place that includes notifying the staff. Ransomware does not need to affect every member of staff, but they must all be aware of it so they can take every action to prevent the malware from spreading. Notification should also include informing vendors, stakeholders and clients about the breach.
Tip: Staff must be provided with alternative platforms or communication channels to continue with daily tasks. Do due diligence to ensure these platforms are encrypted if critical information is being shared across them.
5) Protect Your Data
Having an uninfected backup of your sensitive data in the cloud is always advantageous because it helps avoid paying ransoms. This way, when your system does get attacked, there is no need to panic. Instead, let the attacker keep the encrypted version, and you can start working on wiping out the infected files and uploading the clean version.
The only downside with this option is that you are constantly making amendments to old files as well as creating new ones, so you must make sure to perform backups regularly.
Tip: This also depends on how substantial the changes are, so you should perform backups accordingly.
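One way to put a number on "how substantial the changes are", as an added example that is not part of the original article or Risk Crew's own tooling: the Python script below hashes every file at backup time, hashes the live files again later, and reports the share of files that are new or modified since the last backup. The 10% threshold, the function names and the sample files are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            manifest[os.path.relpath(path, root)] = digest
    return manifest

def backup_drift(last_backup, current):
    """Compare the manifest taken at the last backup with the live tree."""
    new = sorted(set(current) - set(last_backup))
    deleted = sorted(set(last_backup) - set(current))
    modified = sorted(p for p in current
                      if p in last_backup and current[p] != last_backup[p])
    # Files that exist now but have no up-to-date copy in the backup.
    unprotected = len(new) + len(modified)
    ratio = unprotected / len(current) if current else 0.0
    return {"new": new, "modified": modified, "deleted": deleted, "ratio": ratio}

def backup_due(drift, threshold=0.10):
    """True when the unprotected share reaches the threshold (assumed 10%)."""
    return drift["ratio"] >= threshold

def demo():
    """Constructed sample: four files backed up, then one edit and one new file."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("a.txt", "b.txt", "c.txt", "d.txt"):
            with open(os.path.join(root, name), "w") as fh:
                fh.write("original " + name)
        at_backup = build_manifest(root)
        with open(os.path.join(root, "b.txt"), "w") as fh:
            fh.write("edited after the backup")
        with open(os.path.join(root, "e.txt"), "w") as fh:
            fh.write("created after the backup")
        drift = backup_drift(at_backup, build_manifest(root))
        return drift, backup_due(drift)

if __name__ == "__main__":
    print(demo())
```

A sudden jump in the modified share between two runs is worth investigating before the next backup runs, so that clean copies are not overwritten with encrypted ones.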
Ideally, you do not want to wait until you suffer from Ransomware. In short, the smart way to protect your business from Ransomware is to prevent it from happening in the first place. So how can you do that? Risk Crew offers a simple and effective service to answer that question by testing your business’ “readiness” for a ransomware attack and its ability to recover from one – in the event it fails. The service is based on industry established best practices – that actually work – and includes simulated ransomware attacks to test your real-world response capability.