Take These Steps Immediately If You’ve Been Hit with Ransomware
The odds are that if your company hasn’t already been hit by ransomware this year, you will be soon.
According to “The State of Ransomware 2020” report by Sophos, 51% of surveyed organizations were hit by ransomware in 2019.
And size doesn’t matter when it comes to these types of attacks. While larger organizations, such as hospitals and municipalities, may be the ones that get the headlines, attackers are just as apt to go after small businesses as they are larger organizations.
Ransomware has only continued to grow in popularity among cybercriminals due to the number of businesses willing to pay a ransom just to get their data back. Unfortunately, the number that don’t have a reliable backup and recovery solution in place has also contributed to the surge in ransomware.
This type of attack will typically come via phishing email but can also be introduced into a network in other ways. Common ways that ransomware is introduced include:
- Phishing emails
- Social phishing
- Unpatched software & operating system vulnerabilities
- Attack on a vulnerable web server
- Infected USB device
Once ransomware gets into a system, it’s pretty effective at encrypting all the data that it can.
According to the Sophos report, 73% of cybercriminals succeed in encrypting data with a ransomware attack and just 24% of attacks are stopped before encryption can happen.
Source: Sophos “The State of Ransomware 2020”
The steps that you take right after a ransomware attack has occurred can make all the difference in how easy it is for your business to recover and how much the attack ultimately costs.
Take These Actions if You’ve Been Hit with Ransomware
Typically, the first indications of ransomware will be the inability to access your data. It may be data on one specific device, on a server, or in a cloud platform.
The other indicator is the ransom note, which in the case of ransomware comes in the form of a popup message on the infected devices. The ransom note will usually include the fact that your device has been infected with ransomware and instructions on how to pay the ransom to the attacker.
Some attackers also use a ploy where they have a ticking timer that states the ransom will go up if not paid within a certain amount of time.
If you get one of these messages, don’t panic! Otherwise you could end up paying more than you need to and being down longer. Here are steps to take when hit with ransomware.
Unplug the Impacted Device(s)
The first thing you want to do is cut off the network connection that an infected device has to any other devices or cloud services. Ransomware is designed to exploit network connections and infect as many devices as possible.
As soon as you see the popup, disconnect that computer from the internet and any internal local area networks.
Take a Photo of the Ransom Demand
You don’t want to lose the ransom note because it can contain important information for an IT professional that tells them exactly what type of ransomware they are dealing with.
Take a photo of the ransom note that appears on the screen with your phone, but don’t click it.
Assess the Spread of the Ransomware Infection
Next, you’ll want to identify any other devices that may also have been infected so you can disconnect them from the network as well.
Look through data on computers, mobile devices, and servers that are connected to your network.
You’ll also want to review data in cloud platforms from a clean device to see if it has been impacted as well.
Call in Your IT Professional
Don’t try doing a virus removal yourself on the ransomware or you could end up losing access to your files permanently. You should have an IT professional come in to help you assess the damage and provide you with an honest assessment of what it will take to restore your data.
We can carefully remove the ransomware and restore files from your backup (if you have one) or recommend alternative options if you don’t have a backup.
Ransom or Backup Restoration?
It’s important to consult with an IT professional when deciding your next steps – whether to pay the ransom or do a backup restoration. Some organizations pay the ransom out of a sense of urgency to get their systems back up and running quickly. But the costs can be high and there is no guarantee that that attacker will actually hold up their end of the bargain.
According to the Sophos report, it’s much more costly to pay the ransom during an incident than to restore your data from a backup. In both cases, costs include downtime, device costs, and lost opportunity costs.
- Attack Cost When Ransom is Not Paid: $732,520
- Attack Cost When Ransom is Paid: $1,448,458
Restore & Test Systems
You’ll need to have your IT professional thoroughly test your systems after the restoration process, whether you paid the ransom or had the ransomware removed and restored files from a backup.
Then, you’ll want to have protections put into place that will address the vulnerability that allowed this particular cyberattack and to help prevent future attacks.
Protect Your Business with Reliable Backup & Recovery Solutions
Don’t leave yourself vulnerable to a ransomware attack. Skyline Business Technology offers multiple IT solutions for Wabash, Indiana businesses that include data backup, cybersecurity, and more.
Contact us today to schedule a consultation. Call 260-225-3133 or reach us online.