February 11, 2022 -
Normally we like to start these blogs off with a fun little quip. Maybe a quote from a TV show or some kind of fun bit. You know, fun stuff.
But let’s face it – if you’re here reading about what to do AFTER you’ve been hit with a ransomware attack, you’re probably not in the mood for the fun stuff. In fact, there’s not much you’ll be focusing on in the near future besides this topic.
If you’re here by accident or you’re just really curious and want to be super prepared, that’s great, too! In fact, that’s a pretty awesome thing for you to do.
To start things off, ransomware is defined as an ever-evolving form of malware (software specifically designed to disrupt, damage, or gain unauthorized access to a system) designed to encrypt files on a device, rendering any files and the systems that rely on them unusable, and then those malicious actors demand ransom in exchange for decryption.
Many companies fall victim to Ransomware every year. The FBI reported 2,474 complaints of Ransomware in 2020, and victims fell prey to an attack once every 11 seconds in 2021. Globally, the number of Ransomware attacks rose 485% year over year from 2019 to 2020, and demands have hit an incredible $50 million in some cases.
Note: It’s always better to stop attacks immediately upon detection and keep frequent backups of your data to ensure minimal downtime in the event of a breach.
To infect your system, cybercriminals take a number of approaches to gain access. From phishing – not the band, the fake emails to trick people into clicking something kind – to generating false SMS authentication messages to even social media and even instant messaging, there are countless ways your team can be at risk.
The only way to truly defend against ransomware is to be constantly vigilant, always monitoring connections to your system and plenty more we covered in our last blog, which you can find here.
It’s not the best situation to be in, but there are absolutely options at this point. Unfortunately, negotiating with cybercriminals is often a lost cause –
Here are four steps to defeat Ransomware and get back to business:
Just like any viral attack, detection and isolation is the critical first step to combatting an infection to your system. In the case of connected networks and devices, this means unplugging them manually and digitally from any possible source. It may seem primitive, but the logic is straightforward: A device that isn’t connected can’t be utilized in the breach.
Most of the time Ransomware will identify itself through a digital display, informing the infected party (hopefully not but likely you in this scenario) of what’s to come.
To properly identify the Ransomware, there are numerous sites you can turn to like ID Ransomware and the No More Ransom! Project (who provides the Crypto Sheriff to help identify your attackers).
No matter what the cybercriminals say, the authorities should be contacted to report the breach; there are many ways to disclose a ransomware attack. Because digital crimes are seemingly invisible to the community at large, reporting digital crimes help watch groups in painting a picture of the threat at large.
You have three options: Pay the ransom, try to remove the malware, or wipe your system and reinstall from your most recent backup. (If you need more info on backing up your company's data, click here)
Once you know what you need to do, do it! Time is ticking!!
For more information on how your small business can recover from a ransomware attack check out our other blogs or give us a call at (864) 552-1291, and we'll help you evaluate capabilities and options. Also, sign up for PTG Tech Talk and follow us on LinkedIn, Facebook, and Twitter!