Network Security: Surviving a Ransomware Attack

It happens. And it happens more often than reported. Ransomware has been a huge threat to businesses for many years. And although the FBI has recently stated that there is a decline in attacks, businesses should remain aware of the possibility of a ransomware attack. It is in times like these that we let our guard down, only to be challenged by a security breach that threatens the business.

Ransomware is a type of malware. Perpetrators can lock your system and encrypt files that are vital for your business. Often, these attackers will demand monetary payment in order to release your files. No one is immune. Attackers will threaten any size business, from small to Fortune 500.

Is there a way to resist the threat? If a ransomware attack happens, is there a way to survive? It all starts with a bit of preparation and, if the worst-case scenario should happen, an action plan.

Before the Threat: Prevention

It is always best, no matter the situation, to prepare for what could happen. We put jumper cables in our vehicles and extra clothes in our carry-on suitcases. Why? To be prepared. The same goes for our network security and surviving a potential ransomware attack.

You should have a strategy in place that outlines the steps your business should take if a ransomware attack occurs. This includes who is responsible for what, emergency contacts, contacts for all departments and a timeline of duties. As soon as an attack is noticed, you have mere minutes to get it under control. Prepare your workforce with an incident strategy that is tailored to fit this type of occurrence.

What else can you do to help prevent your data from entering the wrong hands?

  • Back it up. You need to back up all of your data and encrypt it. Better yet, use multiple backups for data. One of the best ways to come back after an attack occurs is by retrieving the data you have in your backup system. Plus, it makes it more difficult for hackers to reach your data when it is kept under lock and key.
  • Keep anti-virus software updated. It happens to all of us. We don’t take the time to update when that pop-up comes up on our computer screen. However, it is critical that we take the time to keep our anti-virus software updated. Most updates are created to fix security holes that were found in the previous version. You don’t want those holes to interfere with your network.
  • Educate your workforce. Listen, you can only do so much on the frontlines by yourself. You must teach your employees or colleagues how important it is to remain vigilant. Show them what a potential phishing email looks like and why they should use difficult-to-crack passwords on their devices. If they are using their work devices at home, make sure they understand the importance of using a secure network.

During the Threat: Taking Action

Even after a ton of preparation, sometimes the worst can still happen. Cyber criminals are not picky when it comes to choosing their next victim. If you find that files are missing, files have been renamed with unusual names or another tell-tale sign of ransomware, it is time to act fast. Let’s go over the steps you should take once disaster attempts to strike.

  1. Understand your ransomware attack. You must understand what you are up against before you can fight it off. You also must understand how much downtime you are planning to have and what needs to take place next. If you suspect that it is ransomware, you may be asked to pay a ransom for your files or restore from a backup. It’s time to communicate to your IT department and those responsible for next steps.
  2. Shut it all down. It’s now time to shut down all shares within your network. Although you have been infected, you can stop it now to keep the attacker from gaining access to any other files or information. Those in charge will likely shut down all critical systems.
  3. Find the infection. If you have a relatively small network, this is fairly easy to do. If there are new files, who is the owner of the files? You can also view open files on the shares that have been contaminated to see which users are now infected. It’s critical to disconnect all infected devices from your network immediately. Identify the infection so you can move ahead with the best option for recovery.
  4. Choose to restore from backup or pay. In some cases, if you have good backup options, you can restore your data from backup without paying the ransom the criminal is asking for. If not, you will need to pay in order to get your data back. Backups can take time to restore, so ensure you have the best backups available beforehand. It is best to do a test backup every so often in preparation. If you are going to pay the ransom, it will need to be paid in bitcoin, which you will need to purchase.
  5. Getting back to normal. Once the ransom is paid, you may have to use the attacker’s own software to decrypt your files. If you choose to restore from your backups, you will be back to normal after several hours. Have a plan in place during this downtime for keeping business going as usual.
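
As an added example for step 3 (not part of the original article), the sketch below walks a file share, picks out recently changed files that have unfamiliar extensions or look like ransom notes, and groups them by file owner so the most likely infected account stands out. It assumes the share is reachable as a local path on a POSIX file server; the extension allowlist, the note-name hints and the function names are illustrative assumptions.

```python
import os
import time
from collections import defaultdict

# Assumption: extensions the business normally keeps on the share.
KNOWN_EXTENSIONS = {".docx", ".xlsx", ".pdf", ".txt", ".png", ".jpg", ".csv"}
# Assumption: name fragments often seen in ransom-note file names.
NOTE_HINTS = ("readme", "decrypt", "recover", "restore")
NOTE_EXTENSIONS = (".txt", ".html", ".hta")


def default_owner(path):
    """Return the numeric owner (uid) of a file on a POSIX file server."""
    return os.stat(path).st_uid


def triage_share(root, since_epoch, owner_of=default_owner):
    """Group recently changed, suspicious-looking files by their owner."""
    by_owner = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path).st_mtime
            except OSError:
                continue  # file vanished or is unreadable; keep scanning
            if mtime < since_epoch:
                continue  # untouched since before the suspected incident
            stem, ext = os.path.splitext(name.lower())
            is_note = ext in NOTE_EXTENSIONS and any(h in stem for h in NOTE_HINTS)
            if ext not in KNOWN_EXTENSIONS or is_note:
                by_owner[owner_of(path)].append(path)
    return dict(by_owner)


def rank_owners(by_owner):
    """Return (owner, suspicious_file_count) pairs, highest count first."""
    return sorted(((o, len(p)) for o, p in by_owner.items()), key=lambda x: -x[1])


if __name__ == "__main__":
    import sys
    # Usage: python triage.py /path/to/share   (looks back 24 hours)
    hits = triage_share(sys.argv[1], time.time() - 86400)
    for owner, count in rank_owners(hits):
        print(owner, count)
```

The owner at the top of the ranking is a lead, not proof: confirm it against the open-file view on the share before disconnecting a device.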

You can survive a ransomware attack by being prepared and having a strategic plan in place. All businesses, no matter the size, are considered viable targets for cybercrime. With technology growing each day, it is imperative that you prepare and understand the process from start to finish.