Lately, Ransomware has been at the forefront of the news. From the attack on Colonial Pipeline, to Tom Berkowitz Trucking, Inc., to the July 4th attack involving Kaseya, instances of high-profile Ransomware attacks have been inescapable.
So, what is Ransomware?
Ransomware is a type of malicious software (malware) that blocks access to all the files on your computer or even your entire network by locking files with a special encryption key. Once infected, the hackers then hold the files for “ransom” (thus the name), and the only way to retrieve your files is through paying said ransom for the corresponding key. These hackers typically deal in cryptocurrency (so it is untraceable) and nearly half of all ransoms are paid in Bitcoin.
How can you protect against Ransomware?
The best way to protect against ransomware is to prevent it from ever reaching the end users inside your network in the first place! The use of malware scanning software to block files and emails with malicious links can preemptively block Ransomware from reaching your network before it has the chance to infect any of your files.
Two other significant factors of malware attacks are out-of-date software and unsupported machines. Therefore, to mitigate risks from Ransomware, it is essential to keep firewalls and endpoint protections up to date with the latest software and hardware available.
One final and extremely significant way of protecting against Ransomware is to have disaster recovery IMAGES of all your data, including critical files and applications. Then, when (not if) you get successfully attacked by Ransomware, you can mitigate the effects Ransomware will have on you and your business. (Quickly restore from an image and continue without loss of money or reputation!)
What should you do in the case you do get breached?
The number one thing to stay away from is paying the ransom unless absolutely necessary! 80% of businesses who pay the ransom get successfully attacked again (it tells hackers that you are willing to pay, so it puts a target on your back). The first thing you want to do after being breached is call your IT support team so they can lead the process! The next step in fighting against Ransomware is to isolate the infection. This will prevent the infection from spreading and infecting the rest of your computers, shared storage, and network. Once the Ransomware has stopped spreading through your system, it is time to identify the infection. From messages, evidence on the computer, and identification tools, you can determine which malware strain infected your systems. Once you know what you are dealing with, you should report the issue to the authorities. By reporting to the authorities, they can now help you and your company combat this data breach. Once you are clear of the Ransomware, you can begin the recovery process. Be certain to use only “clean” sources of your programs to restore your computer and retrieve your disaster recovery files free of Ransomware.
The final step taken is the most important of them all… plan to prevent a recurrence. Assess how the infection occurred and what you can do to put measures into place that will prevent it from happening again!
Some not so fun facts about Ransomware.
- 62% of ransomware attacks are targeted at small and medium-sized businesses!
- Ransomware attacks happen every 14 seconds.
- 90% of all attacks are due to human error.
- One in five small businesses fall victim to a cyberattack, and of those, 60% go out of business in six months.
- The average cost of a ransomware attack is $220k.
- The average downtime due to a ransomware attack is 19 days.
- There are over 6000 victims of Ransomware every day.