It’s a scenario many face every year. You’ve beaten the odds until now, but you go to boot up your computer and realize you’re the victim of a ransomware attack.
The subtle signs may have been there for a while; the nondescript glitches, unusual lags in your system, and slow operations in your machine. It’s only when the IT department notifies you of a breach that you realize you’re under a ransomware attack. Then it all starts to make sense.
Several strategies that can help mitigate a ransomware attack at your organization include:
Isolate the Infection
Depending on the type of infection you’ve been hit with, you may not have much time to react. Fast moving strains can spread across networks, locking up your data as it goes. If you suspect it’s just one computer that has the infection isolate it from other endpoints on your network. Unplug it and disable Wi-Fi and Bluetooth and any storage device it’s connected to.
Keep in mind that you may be dealing with more than just one “patient zero.” The ransomware may already be dormant on another system. Treat every connected and networked machine as a potential host to ransomware until you can confirm where it’s coming from.
Reporting to the Relevant Authorities for Further Help
At this point, you can either consider paying the hackers what they demand or opt for other options. Paying up just creates a loophole hackers might use to re-attack you in the future, exposing your organization without you getting your stolen information back.
It is a best practice to report the attack to the authorities rather than paying the hackers the ransom demanded. This will help you get a clearer picture of the attackers’ mode of operation, how they gained access to your system and what can be done to prevent future attacks. You can file a report with the FBI at the Internet Crime Complaint Center.
Reformat
It can be a hassle to recover the data that’s on the infected computer. Even if you can manage to find a decryption package that will work, there will be other damage, most likely the original malware is hidden elsewhere on your system. Instead, repartition and reformat the hard disk or install new hard disks. Be sure to destroy the old hard disk/s if you decide to go that route.
Rebuild Your System
Restore your data using off-site or cloud backup files. If don’t have a system image, you’ll also need to reinstall your applications. Be sure to scan your backups for malware as it’s likely that your most recent backups included the malware or even some encrypted files. If that’s the case, move to an earlier backup and check that, then restore using the earlier, uninfected backup.
Prevent Similar Future Re-occurrences
A ransomware attack can be devastating to a business. Planning to prevent future recurrences is essential. Conduct a study after the fact so you can do a better job of prevention next time. A good place to start is with training your staff. A high percentage ransomware attacks are due to human error i.e., opening an infected email or clicked on a link in a phishing scam, or they visited an infected website.
These attacks cost organizations millions of dollars annually every year. That’s why every business must evolve and develop tactics to stay vigilant and develop a plan on how they’ll recover if the unthinkable happens.
To learn more, ask us about our security solutions to help protect your critical business data.
About NATIONAL
Committed to their customers since 1927, NATIONAL offers a range of Managed Services including IT Support and Augmentation, Cybersecurity, UCaaS, Managed Print, Document Management as well as VoIP/Telephony, Cloud Services, Printers, Copiers, MFPs, Product Print Equipment and SmartBoards.
For the latest industry trends and technology insights visit NATIONAL’s Business Technology Theater.