What to do if Ransomware strikes
According to "phoenixnap.com" a new organisation will fall victim to ransomware every 14 seconds in 2019. PhishMe, have stated that ransomware attacks have increased over 97% in the last two years and ransomware in phishing emails has increased 109% since 2017.
With these disheartening statistics, what can companies do to prevent a ransomware attack and most importantly what can they do if they are a victim to one.
Tips to prevent being a victim of ransomware:
- Train staff - Training your staff to looking for phishing attempts, unusual files or email attachments and being security aware will help prevent ransomware attacks becoming successful. There are plenty of online providers for staff training including ourselves.
- Ensure IT systems are patched and up to date. Whether you are running Microsoft Windows, Mac OS or Linux, make sure all systems are patched regularly. When prompted for "Updates to install", install them! Make sure this happens for all systems and all staff. Create a policy to enforce it and train staff to do it. Systems up to date will be patched against known vulnerabilities where ransomware can infiltrate the system. This includes phones as well as desktops and laptops.
- Use Antivirus software. Ensure all systems use AV and antimalware software. Also make sure this is up to date with an active license, out of date software may not protect you.
- Use a reputable email provider. Make sure your email provider has a good solution with up to date spam, AV and malware securities checking all incoming and outgoing email. This will ensure threats are dealt with before they land in your staff’s mailboxes.
- Do not give out personal data. Hoax calls may be in preparation to an attack. Train staff on awareness of such events and to only provide data where necessary to known parties.
- Be ware of what you are clicking. Especially on websites, make sure the website is trusted before you click any links. Anything could be behind each link. Good AV software can prevent attacks like this and also staff training to reduce the risk fo staff clicking the links to begin with.
- Avoid the use of USB sticks. In this day and age there should be minimal use for USB sticks. If they are essential, make sure they are security scanned before every use and it is recommended to encrypt them, especially if they are likely to contain information which will fall under GDPR or DPA. We recommend not to use USB at all and use secure cloud storage.
- Back up data. Ensure all key data is backed up regularly in case an attack was successful. Also ensure the integrity of backups, were they successful? is all the data there? and has anyone tried to restore from a backup to ensure it is good.
Tips for what to do if you are a victim of a ransomware attack
- Disconnect your computer from any network. If it is wired in, unplug the network cable. If connected to a WIFI network, disconnect and switch off WIFI or disable the card if possible. Support can be provided if you are unsure how to do this.
- Avoid paying the ransom. There is no guarantee you will receive your files and by paying it is proving to the hackers that ransomware works and they will continue to attack others.
- Contact your IT provider or a specialist to assist in recovery of systems. If you have help on hand you should use it to ensure minimal downtime to your business and systems are recovered to a stable and more secure state than before.
- Check for backups. If the system(s) affected held data, it is likely it will need to be restored from backup. When was the last backup and is it sufficient?
- Disinfect or wipe the infect system(s). Some security products may be able to clean the infected system(s) and it is best to leave this to a professional. In the event a system cannot be cleaned it should be wiped to ensure the infection has gone. Once wiped the system will need to be restored and any data restored from backup where relevant.
- Learn from the attack. What happened? how did it happen? how can we prevent it from happening again? better security, staff training, cyber essentials certificate?
Unfortunately for a lot of businesses ransomware attacks are very real. They cause a big headache as they are unplanned, can cause downtime for your company and clients or partners. They can also cost money for recovery, reputation and potentially legal fees in extreme cases.