Ransomware shot into public perception with the 2017 WannaCry attacks that locked the UK's NHS, FedEx, and more out of their PCs and equipment. However, though the WannaCry variant has faded, ransomware remains a popular form of attack on businesses.
According to researchers, new ransomware variants grew by 46% in 2019, with a business estimated to fall victim to such an attack every eleven seconds. Darknet sellers now offer ransomware attacks as a service, as well as kits for users to carry one out themselves.
For businesses, this can be a scary prospect. A successful attack can cause untold damage. Wormable variants can spread throughout a network to lock users out of files unless they pay a ransom – a ransom which may not be honored.
Thankfully, with some pre-planning and the use of modern services, the effect of ransomware attacks can be mitigated without major loss to the business. Here are some steps you can take if you've fallen victim.
Disconnect Infected Machines
The first priority of ransomware is to try to spread to other machines on the network. As a result, it's vital that a business's employees react quickly. They should be advised to disconnect their PC immediately if they believe they've fallen foul of an attack, whether by unplugging the ethernet cable or disconnecting from the Wi-Fi network. You may also want to take steps to secure or disconnect your backup systems.
As ransomware primarily spreads through the network, quick action in this regard can significantly reduce the scale of the issue. Training your employees in this way may result in the occasional false positive, but ultimately it means that any attacker will have to get past your "human firewall" before they can affect the rest of the network.
Inform Your IT Department/Managed Service Provider
Your security team and/or managed service provider should be informed immediately of the attack so they can collect evidence and come up with a plan of action. If you are a VirtuWorks customer, you may already be taking advantage of several services that can help with this:
- Monitoring and remediation of triggered security alerts
- Continuous weekly penetration scans
- Emerging threats blacklists (blocking of ransomware hosts)
- Log management and alerting
- Real-time visibility of infrastructure stack
- Cyber protection insurance with on-site intervention when needed
- Backup and recovery for data on VirtuWorks infrastructure
Your managed service provider can help you build a strategy to deal with the threat depending on which services you utilize. In collaboration with an IT department and experts, they can also help collect evidence and gather a timeline to prevent incidents going forward. Ideally, you should have already planned who you need to call in such a situation.
If you are compromised by ransomware, do not panic and pay the ransom immediately. Instead, take a picture of the ransom note. Though some ransomware includes countdown timers, these can be empty threats.
In many cases, paying the fee is not recommended, as this supports criminals and may embolden them to attack your network again. It's not uncommon for regular malware to pose as ransomware, or for data recovery to be possible without paying. Furthermore, paying could land you in hot water with the Treasury Department, which warns that companies could face fines if they're found to be facilitating these criminals.
The decision surrounding payment of a ransom should always be discussed with the IT department, legal, insurers, managed service providers, and ransomware experts.
Employees should be informed of the breach immediately so they can proceed with additional caution. This will also help to explain the necessary downtime due to the investigation.
At the same time, you should be changing user and admin credentials and informing users of their new ones in a secure way (i.e., not over the network). You should also inform law enforcement of the breach, as this is a criminal matter.
Restore Your Backups
If you utilize VirtuWorks' data backup and recovery services, any data that's on servers in our cloud will have a recent backup. After audits, threat removals, and security updates have taken place, there's a good chance you'll be able to recover some or all of your data.
If you don't have sufficient backups or other mitigations, you're not alone. 50% of IT professionals believe their organization isn't ready to defend against a ransomware attack. In the future, it's important to be proactive by:
- Holding regular awareness training
- Scheduling regular backups
- Deploying OS and software security updates as soon as they're available
- Ensuring users only have access to the permissions they absolutely require
- Deploying modern, AI-based security solutions to prevent email-based attacks and quickly identify threats
Contact VirtuWorks today to learn how we can help you manage and deploy the tools and keep your organization safe.