Normally we like to start these blogs off with a fun little quip. Maybe a quote from a TV show or some kind of fun bit. You know, fun stuff.
But let’s face it – if you’re here reading about what to do AFTER you’ve been hit with a ransomware attack, you’re probably not in the mood for the fun stuff. In fact, there’s not much you’ll be focusing on in the near future besides this topic.
If you’re here by accident or you’re just really curious and want to be super prepared, that’s great, too! In fact, that’s a pretty awesome thing for you to do.
What is Ransomware?
To start things off, ransomware is an ever-evolving form of malware (software specifically designed to disrupt, damage, or gain unauthorized access to a system) designed to encrypt files on a device, rendering those files and the systems that rely on them unusable. The malicious actors behind it then demand a ransom in exchange for decryption.
Many companies fall victim to Ransomware every year. The FBI reported 2,474 complaints of Ransomware in 2020, and victims fell prey to an attack once every 11 seconds in 2021. Globally, the number of Ransomware attacks rose 485% year over year from 2019 to 2020, and demands have hit an incredible $50 million in some cases.
Ransomware Attacks 101
- Infection! Ne’er-do-wellers use a phishing email or other means of installing a computer virus (the ransomware) on your system and anywhere it can reach.
- Secure Key Exchange. The ransomware has connected your systems to theirs, so in Hollywood hacker lingo: they’re in, and they can start controlling your system.
- Encryption. Their system starts to lock accounts, access to files, and more in an effort to create havoc only they can fix.
- Extortion. Once they’ve locked you down, the ransomware will instruct you on how to successfully meet their demands.
- Unlocking? If they decide to release your system once the ransom is paid, count yourself lucky. A recent report found that 42% of organizations that paid a ransom did not get their files decrypted.
Note: It’s always better to stop attacks immediately upon detection and keep frequent backups of your data to ensure minimal downtime in the event of a breach.
To infect your system, cybercriminals take a number of approaches to gain access. From phishing – not the band, the fake emails that trick people into clicking something – to false SMS authentication messages to social media and even instant messaging, there are countless ways your team can be at risk.
The only way to truly defend against ransomware is to be constantly vigilant, always monitoring connections to your system, along with plenty more that we covered in our last blog, which you can find here.
So You’ve Fallen Victim to Ransomware… Now What?
It’s not the best situation to be in, but there are absolutely options at this point. Unfortunately, negotiating with cybercriminals is often a lost cause –
Here are four steps to defeat Ransomware and get back to business:
1. Find and stop the infection
Just like any viral attack, detection and isolation is the critical first step in combatting an infection of your system. In the case of connected networks and devices, this means unplugging them manually and digitally from any possible source. It may seem primitive, but the logic is straightforward: a device that isn’t connected can’t be utilized in the breach.
2. Identify the ransomware
Most of the time, ransomware will identify itself through a digital display, informing the infected party (hopefully not you, but in this scenario it likely is) of what’s to come.
3. Report the Attack
No matter what the cybercriminals say, the authorities should be contacted to report the breach; there are many ways to disclose a ransomware attack. Because digital crimes are seemingly invisible to the community at large, reporting them helps watch groups paint a picture of the threat at large.
4. Determine Your Course of Action
You have three options: Pay the ransom, try to remove the malware, or wipe your system and reinstall from your most recent backup. (If you need more info on backing up your company's data, click here)
Once you know what you need to do, do it! Time is ticking!!