Ransomware is a type of malware that blocks access to files or systems until a ransom is paid. It can be spread through email, malicious websites, or file-sharing networks. It can also be installed covertly by exploiting software vulnerabilities.
Ransomware attackers will typically let victims know that their device has been infected by displaying a message on the computer screen saying that the system has been locked and the files have been encrypted. The user is then given instructions on how to pay the ransom, which is usually in the form of cryptocurrency.
Ransomware is a steadily growing concern for businesses in Canada and the world over. In May 2021, an insurance company paid hackers a record 40 million USD (51.66 million CAD) to get their data back. On average, recovering from a ransomware attack costs about 1.85 million USD (2.39 million CAD), a figure that includes downtime costs, the value of lost opportunities, litigation fees, and in many cases, the ransom paid. Experts calculate that by the end of 2021, businesses will face ransomware attacks every 11 seconds.
If you suspect that your organization has fallen prey to a ransomware attack, paying the ransom shouldn’t be your first course of action. Here are the steps you should take immediately to mitigate damage.
1. Isolate the infection
It’s critical to prevent the infection from spreading further and causing more damage. Ransomware can spread quickly, so act swiftly and disconnect infected computers from both wired and wireless connections. Also, disconnect computers from one another, as there may be more than just one infected device. Revoke access to shared storage and the network as well, so that the malware doesn’t spread to the rest of your IT infrastructure.
2. Assess the damage
Evaluate what data has been lost and what’s still salvageable; it’s possible that not all data has been encrypted by the malware. If your IT team is capable of doing so, identify which malware strain you are dealing with and its behavior, such as how it propagates and what types of encryption it uses. Knowing this information will enable you to better deal with the ransomware down the line or even help you decide on a plan of action for removal and disinfection.
3. Notify the authorities
Per the Communications Security Establishment’s Canadian Centre for Cyber Security, businesses that experience ransomware should contact the local police immediately. They should also report the incident to the Canadian Anti-Fraud Centre via its online reporting system or by phone. Be sure to take notes about the ransomware incident, such as when it happened and which files were affected, so that the reporting goes smoothly.
4. Determine your options
There are several ways to deal with ransomware, so meet with your executive team and create a plan to contain the attack. For instance, you can try to remove the malware, or you can wipe the system clean and reinstall everything from scratch. For better guidance, you can turn to a ransomware recovery expert. And if you don’t already have a cybersecurity provider, consider engaging one as soon as possible.
5. Restore files from backups
The key to surviving a ransomware attack is not paying the ransom but having a robust backup and recovery plan. This allows you to restore data from safe backups. If your organization has a sound backup strategy, you should have versions of all your critical data up to the time of the infection. But as some malware can remain dormant before being identified, it’s vital to determine the date of infection and choose backups that were made prior to that date.
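Steps 2 and 5 can be supported with a small script, shown here as an added example that is not part of the original article: it inventories a copy of the affected folder, separates files that look encrypted from files that look intact, and picks the newest backup that predates the first sign of encryption. The entropy threshold, the 24-hour safety margin, the function names, and the sample files are all assumptions made for illustration; the earliest modification time only shows when encryption started, so the actual infection may be earlier.

```python
import math, os, tempfile
from collections import Counter
from datetime import datetime, timedelta

# Magic bytes of common formats that are legitimately high-entropy (compressed).
KNOWN_MAGIC = (b"PK\x03\x04", b"\xff\xd8\xff", b"\x89PNG", b"%PDF", b"\x1f\x8b")

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def assess_tree(root: str, threshold: float = 7.2, sample: int = 65536):
    """Split files into likely-encrypted and likely-intact; report earliest suspect mtime."""
    suspect, intact = [], []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                head = fh.read(sample)
            # Heuristic only: very small files score low even when encrypted.
            looks_random = entropy(head) >= threshold and not head.startswith(KNOWN_MAGIC)
            (suspect if looks_random else intact).append(path)
    first_hit = min((os.path.getmtime(p) for p in suspect), default=None)
    return sorted(suspect), sorted(intact), first_hit

def pick_backup(backup_times, infection_time, margin=timedelta(hours=24)):
    """Newest backup taken at least `margin` before the estimated infection time."""
    safe = [t for t in backup_times if t <= infection_time - margin]
    return max(safe, default=None)

def demo():
    """Constructed sample data: one plaintext file and one random-bytes file."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "notes.txt"), "wb") as fh:
            fh.write(b"quarterly invoice summary\n" * 200)
        with open(os.path.join(root, "ledger.xlsx"), "wb") as fh:
            fh.write(os.urandom(65536))  # stands in for an encrypted file
        suspect, intact, first_hit = assess_tree(root)
        infection = datetime.fromtimestamp(first_hit)
        backups = [infection - timedelta(days=d) for d in (7, 2, 0)]  # constructed
        return ([os.path.basename(p) for p in suspect],
                [os.path.basename(p) for p in intact],
                pick_backup(backups, infection) == backups[1])

if __name__ == "__main__":
    print(demo())
```

Run it against a read-only copy or mounted image of the affected storage rather than the live, isolated machine, so that the assessment does not alter file timestamps or other evidence.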
6. Prevent future attacks
Assess how the infection entered your systems so that you can identify and eliminate your cybersecurity weaknesses. What’s more, make sure you cover the basics of cybersecurity: deploy antivirus and anti-malware software; make frequent but comprehensive backups; install the latest security updates; implement endpoint security tools; and train your workforce on cybersecurity awareness.
Ensure that your business is always prepared to face ransomware and other cyberthreats. Partner with a cybersecurity expert like XBASE Technologies to help bolster your defenses and protect your critical data. Get in touch with our cybersecurity specialists today. Call us at 647-697-7710 or drop us a message.