Ransomware Recovery and Prevention: Do’s and Don’ts
Since the start of the COVID-19 pandemic, cyberattacks against businesses have skyrocketed. Among the various attacks used by hackers, ransomware has become a significant threat, as it can shut down operations by encrypting files and holding them hostage until a fee is paid. To make matters worse, ransom fees are continuing to rise. The average ransom demanded has increased from $5,000 in 2018 to about $200,000 in 2020.
This article will discuss the steps businesses can take when a ransomware attack is encountered. We also provide some tips for avoiding them.
Recovering from a Ransomware Attack
The overall cost of ransomware attacks is expected to surpass $20 billion by 2021. To protect themselves, businesses should formulate strategies to minimize the impact if they happen to fall prey. Here are five steps to take during a ransomware attack:
1. Do not pay the ransom fee
Paying the ransom does not ensure that a business will get their data back. The hackers may not keep their word, and even if they do the decryptor might not work, as was the case with the ProLock ransomware.
Additionally, paying does not guarantee that the business will not be extorted further. In one study it was found that 80% of organizations who paid a ransom were attacked again by the same hackers or another group. By paying, an organization can become a bigger target because they are demonstrating their willingness to pay.
On top of the ransom fee, businesses will need to cover the losses created by the attack, such as downtime. As a result, the expense of dealing with an attack can be doubled when a ransom is paid. Instead, we recommend trying other methods to recover data, some of which are discussed below.
2. Identify and isolate the affected systems
In combating ransomware attacks, detection rate and quickness are essential. If a system is suspected of being infected, the first step is to isolate it from other computers and storage devices. Next, it should be disconnected from the network as well as any external storage devices. Isolating the affected system will prevent malware from interacting with the command-and-control center over the network. More than one system might be infected with malware, so this may be a multi-step process. This method will hopefully stop the attack in its tracks, and decrease the impact.
3. Report the attack
Next, businesses should notify the authorities about the attack. This will assist authorities in identifying the perpetrator and provide insight into how they select their targets. While organizations might not receive immediate benefit from this action, it may be beneficial in the future by helping to reduce attacks.
4. Start fresh and restore from backup
There are various software solutions on the market that promise to remove ransomware from computers. However, the more recent and complex the ransomware, the longer it will take to build a program to decrypt the information. Modern attacks utilize a unique encryption key for each target, so even a powerful supercomputer could take a substantial amount of time to locate the correct key for an individual victim.
Therefore, the best course of action is to erase all storage devices and start over, reinstalling everything from the ground up. After all traces of malware have been removed, backup and recovery solutions can be used to recover the data.
5. Put measures in place to prevent reoccurrence
Businesses are at risk for repeat attacks, even after restoring their systems. As mentioned earlier, 80% of organizations paying a ransom were subjected to a second attack. Therefore, organizations should implement protective measures to lower the risk of repeat attacks.
Preventing Ransomware Attacks
Ransomware attacks are evolving, and attack tactics are becoming more complex. Thankfully, businesses can keep ransomware from infiltrating their systems with careful preparation and smart procedures. Here are five practical strategies to keep ransomware from infiltrating an organization:
1. Educate employees
There are many ways that employees can stop cyber-attacks from happening. The human element is involved in 85% of data breaches. Therefore, training employees to take precautions such as protecting their passwords and not clicking on suspicious links greatly decreases the risk of infiltration.
2. Use email and endpoint protections
All emails should be checked for dangerous attachments and URLs. Additionally, firewalls and endpoint detection software should be kept up to date with the most recent malware signatures. Users should be alerted of out-of-network emails and provided with VPN access when they are not on the network.
3. Implement an Intrusion Detection System (IDS)
An Intrusion Detection System (IDS) scans network traffic records for malicious behavior by comparing them to signatures that recognize known malicious activity. A strong IDS will often update signatures and give a warning if it finds potentially harmful behavior.
4. Keep systems up to date
All an organization’s operating systems, apps, and software should be kept up to date. The most recent updates will assist in closing security gaps that attackers can exploit. Businesses should turn on auto-updates whenever feasible to ensure that the most recent security fixes are in use.
5. Maintain frequent backups
Businesses should perform frequent backups of any essential or sensitive data and systems. It is also important to have a plan in the case of a ransomware attack. Access to backup files should be limited since attackers frequently target backup files to prevent an organization from restoring data. Backup data that has been infiltrated cannot be used to restore data. This where a 3-2-1 backup strategy shines best, as it ensures there is always 3 copies of data including one offsite.
Taking Precautions Against Ransomware
Over the previous two years, cybercrime has surged. Changes in infrastructure due to COVID-19 brought several security flaws into previously well-secured networks, leaving many organizations vulnerable to cyberattacks. Preparedness and due diligence in an organization’s IT systems and practices are the most effective ways to prevent ransomware.
Outsource IT are the go-to experts in the Greater Toronto area and Ontario when it comes to IT security and ransomware prevention. To learn more about or Business IT Security services contact an Outsource IT account manager today.