Ransomware is a big buzz word in the IT community, but you may be unfamiliar with what it actually is or what to do if your company is experiencing a ransomware attack. Experts predict that in 2021 a new organization will fall victim to a ransomware attack every 11 seconds. That’s an incredible figure, up from 14 seconds in 2019. As technology gets more sophisticated, so do cyber attacks and the ransomware that is out there. We are sharing more information on ransomware attacks and what to do if you are experiencing one.
What is Ransomware?
Before we begin, we want to clearly define what a ransomware attack is so our readers can better understand it. Ransomware is a form of malware that encrypts information on a device, which prevents a company from accessing their critical data, files or applications. In return, a ransom is demanded by the attacker to return access to the owner’s devices. Ransomware is often designed to not just affect one person’s device, but entire organizations. Organizations have been forced to pay upwards of millions of dollars to have their data returned, which is a big blow to a business’ bottom line.
There are many kinds of ransomware out there, but they typically happen by using email spam campaigns or through a targeted attack. Typically there will be a timeline associated with the ransomware. The organization can have 24-48 hours (or less) to pay up or lose their sensitive data permanently. As a business owner, you can understand the havoc this can wreak on an organization and the financial health of your business.
If your business is experiencing a ransomware attack, it’s crucial to act as quickly as possible. Here are several actionable steps to take in the midst of a ransomware attack:
Isolate the Infected Device
Let’s say one of your employees clicks on a suspicious link in an email. This could unleash a ransomware attack to the device and time starts ticking. The first thing you should do is remove this device from all shared organization networks as fast as possible. Limiting the device’s access to shared drives in your network can help prevent the ransomware from spreading to other devices in your organization. We also recommend shutting down your organizations WiFi or Bluetooth access while the attack is in progress.
Inventory the Damage
Once you’ve identified a ransomware attack, begin combing through your files for potentially encrypted files. You may see files with strange extension names or files that you are having trouble opening. You’ll want to create a full list of the files or programs that are not functioning correctly.
Contact the Authorities
As someone in your organization combs through potentially encrypted files, you will want another person contacting the proper authorities. Ransomware attacks are a serious crime and involving law enforcement can help bring the cyber criminals to justice.
Restore Your Systems
This is when backing up your data becomes so important. You can restore your system from a previous backup and begin using your device again once you’ve ensured there is no malware present. In the case of not having systems that are properly backed up, you can research decryption options.
It’s not recommended to pay the ransom and get your data back for several reasons. Technically, you would be funding criminal activity, because ransomware attacks are a serious crime. There’s also no guarantee that the criminal will take your money and destroy the data.