RANSOMWARE – What it is, how to handle an attack, and how to prevent your business from being vulnerable in the first place

What is Ransomware?

Ransomware is the most common malware threat out there. A ransomware attack is a situation in which a hacker keeps your data encrypted until a ransom is paid. It comes in many variants (such as CryptoLocker, Petya, and WannaCry), and it’s constantly evolving, which makes it very difficult to protect against. And although the average ransom requested is $5,900 (and rising year-over-year), the average cost of downtime from a single attack can be as high as 23x the ransom requested! Here are a few more facts about ransomware:

  1. Who’s at risk? One in five SMBs (small and mid-sized businesses) report they’ve fallen victim to a ransomware attack. SMBs that don’t outsource their IT are more at risk.*
  2. Where do the risks come from? Phishing emails are the leading cause of successful attacks. Lack of cybersecurity training, weak passwords, and poor user practices are among the other top causes.
  3. How can the risks be reduced for SMBs? Four in five clients recovered within 24 hours or less when they had a Business Continuity & Disaster Recovery plan in place with the support of a trusted IT services provider.

How do you handle a ransomware attack?

Hopefully you’re working with Team Xperts or another Managed IT Services Provider to proactively protect and monitor your network, so this is less likely to occur. If you’re coming to us after an attack or because of one, you’re likely looking for help, and fast! Use the checklist below to make sure you are taking the right steps, and of course, reach out to us if you need help now or moving forward.

  1. Shut down infected systems immediately – To avoid ransomware spreading, disconnect the infected device from any network it is on and turn off any wireless capabilities such as Wi-Fi or Bluetooth. Unplug any storage devices such as USB or external hard drives.
  2. Determine the strain and the scope – Ransomware usually identifies itself, so understanding which strain it is can help you decide how to remove it. This is also helpful to know when reporting the attack. Next, determine how many devices were infected, as well as what kind of data was encrypted.
  3. Report the incident – You should let your organization know about the attack, but it’s also important to report it to the FBI or your local authorities, depending on where you are located. This is to help them gain an understanding of ransomware and its impact on victims.
  4. Evaluate your options – If you don’t have a backup solution, your other options are to do nothing (lose your data) or decrypt your files using a third-party decryptor. If all else fails, you can pay the ransom, but beware of this option as it increases the chances that you’ll be targeted again.
  5. Prevent future ransomware attacks – The first step in preventing future ransomware attacks is to educate your employees on cybersecurity awareness. You should also invest in endpoint security with a firewall or third-party service that protects against ransomware. Finally, you should implement a business continuity plan. While business continuity can’t prevent ransomware from attacking, it can prevent it from succeeding. Xperts Unlimited can do all of the above for you from employee training to making sure you have the right security and plan in place.

How do you prevent ransomware attacks?

As mentioned in the last point above, educating employees, investing in the best firewall and endpoint security, and implementing a business continuity and disaster recovery (BCDR) plan will mitigate attacks and reduce their success or damage should your business get that dreaded “your files have been encrypted” message.

Give us a call at 424-835-2964 or request a consult to the right to learn more about how to prevent your business from having to go through the above steps at all.

*Source: Strategy Analytics’ proprietary research of the North American SMB market.