My Business Got Hit With Ransomware. Now What?
We’ve all heard the horror stories of companies that have had their data or computers held hostage.
Ransomware attacks are sophisticated cyber attacks that can happen to any business, in any industry, in any part of the world.
If your business has been hit with ransomware, don’t panic. It’s nothing to be embarrassed about and nothing to be ashamed of. Even major companies like FedEx aren’t immune to ransomware.
Here’s what you need to know if your business has been the target of a ransomware attack.
START CONTAINMENT IMMEDIATELY
The first thing you want to do is to contain the malware as quickly as possible. Contact your IT team or your managed security service provider as soon as you are aware that you’re being hit with a ransomware attack. Your team will advise you on the appropriate steps to take.
You will likely need to isolate affected devices from your network to prevent the further spread of the malicious software. Ransomware can spread quickly across open shares on your network and make it difficult to remove.
Disable sharing across your network to help prevent the spread of the malicious software. If you’ve built custom firewall rules through Windows Defender, implement them immediately to help prevent your networked computers from communicating and passing the malware. You’ll also want to block any inbound internet connections to your network through your firewall.
Once you’ve isolated the malware and any affected systems, it’s important to identify the source of the malware and when it infected your systems. There are a multitude of ransomware attack vectors, so follow the advice of your IT team or managed security service provider and listen to their specific instructions for your business. If your business had an effective backup system in place, you may be able to restore your data from a backup date prior to when the malware infected your systems.
ALERT THE AUTHORITIES
Ransomware attacks are illegal, and the authorities need to be made aware that a crime has been committed. If your business has been the victim of a ransomware attack, your first step should be to contact your local FBI field office.
The authorities have access to previous reports and may be able to identify the way you were attacked and help you resolve your issue. They can also add the details of your incident to a new report to help them identify patterns in the future.
It’s important to be upfront and honest about the attack internally and externally. Communicate honestly with stakeholders in your business, which can include your employees, your customers, the media, and state and local leaders. Effectively communicating with these groups can help you maintain trust that you’re continuing to work in their best interests.
You’ll also need to follow up with your insurance company and your legal team.
SHOULD I PAY?
The answer to this is an emphatic NO!
Not only does paying ransomware demands reward the attackers, it emboldens these criminals to demand more money and to continue attacking others.
There’s also no guarantee that the hackers can or will release your data and systems back to you. Worse still, paying could cause your business to be the victim of another attack by the same criminals.
In fact, data shows that 80% of people who experience a ransomware attack and pay are the victims of another attack. And 46% of ransomware victims who received their data back after paying found that some or all of it was corrupted. In short, don’t pay!
HOW TO PREVENT FUTURE ATTACKS
The single most important thing you can do to help mitigate the damage done by a ransomware attack is to back up your data regularly. There are multiple ways you can back up your data, from redundant external hard drives to cloud services, so you’ll want to find the right option for you.
If you don’t already have a playbook compiled for dealing with a cyberattack, make it a priority. Having a plan for how to deal with a ransomware attack can save you valuable time in containing the malware. That includes making sure you have an IT team or managed security service provider in place to handle the technical side of things.
Ransomware attacks happen two ways — via machines and humans. That’s why it’s always a good idea to keep your staff up to date on cyber security best practices.
Cyber criminals are becoming more sophisticated every day and are becoming more clever about tricking unsuspecting staff members. Conduct frequent training with your employees to help them identify phishing emails and require frequent password changes to help minimize the threat of an attack.
Our team at Cornerstone Technologies stands ready to help you face cyber security in the 21st century. We work in conjunction with IT teams to mitigate the risk of ransomware attacks and to prevent them all together. We focus on the day-to-day security of your systems so that your IT team can look at the bigger picture of protecting your growing business. Contact us today to find out how we can help keep your data and your network safe!
