What to Do If You’re a Ransomware Victim
If you’re a victim of ransomware, you’ll know it. Often you’re met with a red screen telling you your business files are encrypted. You won’t be able to do anything on the computer, although the cybercriminals will provide helpful instructions for how to pay up. How nice.
Cybersecurity Ventures predicts ransomware will impact businesses every 11 seconds in 2021. Yes, you read that right. That’s up from every 14 seconds in 2019. Another research company reported ransomware increasing 485% year-over-year in 2020.
Know that it’s widely considered a bad idea to pay the ransom, because you’re rewarding the cybercriminal. Plus, you can’t even be sure that they will provide the encryption key needed to regain the use of your files. What! You were going to trust the bad guys?
Here’s what to do instead if you’re the victim of a ransomware attack:
The Important First Step
The first thing you’ll want to do is make it all go away. Although, wishful thinking is not going to get the job done. Instead, you’re going to have to turn immediately to your disaster response plan, because, of course, you already have one of those. Seriously, don’t underestimate the value of planning in advance for IT infrastructure compromise. Being proactive means calm, considered decisions rather than reacting in a crisis.
Click here for more reasons you should have current Business Continuity plans in place.
Step one is going to be identifying the systems involved and isolating them. Once you detect a compromise, limit the spread of infection by disconnecting the devices affected. Ideally, you take only a few computers offline or disconnect an individual network. Even in a large-scale compromise, remove all affected devices from the network to contain the malware.
As part of the isolation, don’t forget to disconnect any connected devices such as storage drives. The ransomware infection will even seek out USB thumb drives.
Only power down the affected devices if you are unable to disconnect them from the network. Why? Because turning them off means you might lose potential evidence.
Additionally, cybercriminals may be monitoring your business communications. So, move offline to coordinate your response. Phone calls or text messaging will work, or personal email accounts.
Don’t attempt to restore critical systems until you have identified and isolated the threat. After that, your business can move into triage mode. Prioritize what to restore, and recover using your data backup (again, you already have one of those). Consider how critical each system is for health and safety and revenue generation. Then, get to work restoring systems in an efficient, organized fashion.
Minimizing Ransomware Risk
Ransomware is a major threat to every business sector, and you don’t want to become the next victim. Common best practices include:
- Preventing an attack with anti-virus and anti-malware tools
- Installing email filters to keep phishing emails from reaching your employees
- Making frequent backups and keeping them separate from your network
- Keeping up with ransomware and other cybersecurity threats
Businesses that partner with a Managed Service Provider (MSP) have someone supporting their efforts to cut ransomware risk. Plus, if the worst happens, the MSP’s IT experts are at the ready to identify and isolate the threat. They can find the samples needed, determine the malware strain you are dealing with, and report the attack.
Your data backup should have recent copies of all information up to (or close to) the time of infection. So, once the MSP has removed all ransomware, they will wipe your systems and storage devices. They can swiftly reformat the hard disks and reinstall everything from scratch.
An MSP can help you plan ahead to contain the damage from a cyberattack. Let our IT experts install best practices, set up safe backups, and track activity on your network. Get started today and avoid being Ransomware’s next victim.
STG IT Consulting Group would love to meet with you and help keep your business secure.
Click here to schedule a free 15-minute meeting with Stan Kats, Client Engagement Specialist and Senior Technologist.
We proudly serve the Los Angeles and West Hollywood area for all of your IT needs. We look forward to meeting with you!