One of the most devastating types of malware that a business can face is ransomware.
It’s particularly costly because it can cause major downtime. It is also the one type of malware that comes with a ransom demand: the hacker states that, if the ransom is paid, they will return access to the user’s data.
As of Q1 2020, the average ransomware demand was $111,605, which is about 33% more than the previous quarter. Unfortunately, ransomware continues to be lucrative for cybercriminals, which is why both attack volume and ransom demand amounts have been increasing each quarter.
When ransomware gets past security defenses and infects a system, it quickly spreads from one device to another and can also infect syncing cloud storage accounts.
The malicious code encrypts files (or hides them), making them unreadable. This often takes down multiple company systems that rely on databases.
In September 2020, the Newhall School District in Santa Clarita Valley was hit with ransomware, causing the shutdown of distance learning for 6,000 elementary school students. The attack made the district’s server and email unusable.
Ransomware can infect a system in several ways:
- Phishing email
- Injection from malicious website
- Trojan malware
- Infected USB device
- Social engineering attack
When hit with ransomware, it’s important to know the immediate steps to take to mitigate the cost and damage.
Take These Steps Immediately In the Case of Ransomware
There are typically two main signs that your device or network has been infected with ransomware:
- You can’t access or read your data
- A ransom note appears on the infected device(s)
How well you can weather a ransomware attack and mitigate the damage will depend greatly upon whether or not you have a complete backup of all your data (both on-premises and in cloud platforms).
Knowing what to do, and running a drill in which your users go through these steps, helps you react quickly if ransomware is detected on your systems.
Step 1: Disconnect the Infected Device from Any Networks
Because ransomware is designed to spread quickly through a network, the first thing you want to do is disconnect the infected device from any local or Wi-Fi networks.
Do not turn the computer off at this point. It needs to be looked at by an IT professional, and turning it off could make things worse.
What you want to do is physically disconnect any Ethernet connections and use the Wi-Fi settings to disconnect the device from your wireless network.
Step 2: Take a Photo of the Ransom Note
The type of ransom note that shows up on the screen after a ransomware attack can often be an indicator to an IT professional, like Neuron Computers, of what type of ransomware you’re dealing with.
Not all ransomware is equally destructive. Some types completely encrypt data, and you need the encryption key to decrypt it. Others only make the data inaccessible and don’t use encryption to scramble it.
Take a photo of the note on the screen and send it to your IT professional right away.
Step 3: Locate Your Backup (If You Have One)
Next, you’ll want to determine whether or not you have a full backup that can be used to restore all your data. You don’t want to do any restoration yet, as the ransomware would need to be removed first.
But your next options will be determined by whether or not you have a backup you can rely on, because this will keep you from having to consider paying a ransom.
Step 4: Have Your IT Professional Review the Extent of the Damage
You should have an IT professional review your systems to identify the extent of the damage and what should be done next. If you don’t have a backup and jump right into running a malware removal program, you could lose all hope of getting your data back.
An IT pro will be able to lay out your options based on the type of ransomware and on your backup restoration options. We will remove the ransomware once it’s safe to do so.
Step 5: Restore, Lose Data, or Pay Ransom
This is where you have to decide how to move forward in restoring your data and system access. Most businesses are at a standstill after a ransomware attack, so getting systems back up and running as quickly as possible is vital to their bottom line.
If you have a backup, your IT partner can remove the ransomware and restore your data. Then, we’ll investigate how the ransomware infection happened, so we can tell you how to keep it from happening again.
If you don’t have a backup to restore, you have a difficult choice. You can pay the ransom and hope the criminal upholds their end of the bargain and gives you the key to restore use of your data. Unfortunately, this emboldens the attackers to keep doing these types of attacks.
If you don’t have a data backup and the ransomware is a type that encrypts your data (rather than just hiding it), your other choice is to lose your data and recreate it.
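The damage review in Step 4 depends on whether files were actually encrypted or only made inaccessible. The following is an added example, not a tool from the original article: a read-only Python survey that flags files whose expected header is missing or whose contents look like ciphertext. The function names, the 7.5 threshold and the sample files are assumptions made for illustration, and it is meant to be run by the IT professional against a read-only copy or mount of the affected data.

```python
import math
import os
import tempfile
from collections import Counter

# File signatures for a few common business document types.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff",
         ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, far lower for plain text."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(path: str, sample_size: int = 65536, threshold: float = 7.5) -> str:
    """Read-only check of one file; nothing is written, renamed or deleted."""
    with open(path, "rb") as fh:
        sample = fh.read(sample_size)
    magic = MAGIC.get(os.path.splitext(path)[1].lower())
    if magic is not None:  # known type: the header must still be in place
        return "intact" if sample.startswith(magic) else "likely-encrypted"
    # Unknown type: use entropy. Compressed files also score high, so it is a lead.
    return "likely-encrypted" if shannon_entropy(sample) >= threshold else "intact"

def survey(root: str) -> Counter:
    counts = Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            try:
                counts[classify(os.path.join(dirpath, name))] += 1
            except OSError:
                counts["unreadable"] += 1
    return counts

def demo() -> Counter:
    """Constructed sample tree: two healthy files and two scrambled ones."""
    scrambled = bytes(range(256)) * 16  # constructed stand-in for ciphertext
    samples = {"report.txt": b"Quarterly sales figures\n" * 200,
               "invoice.pdf": b"%PDF-1.7\n" + b"0" * 500,
               "contract.pdf": scrambled,
               "notes.txt.locked": scrambled}  # ".locked" is a made-up extension
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return survey(root)

if __name__ == "__main__":
    print(dict(demo()))
```

A high share of "likely-encrypted" files means recovery depends on a backup or a key, while files that still classify as intact are worth checking before anyone assumes they are lost.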