
What to Do If You’re a Ransomware Victim

June 1, 2021 by Paul Schwegler

You’ll know if you’re a victim of ransomware. Often you’re met with a red screen telling you your business files are encrypted. You won’t be able to do anything on the computer, although the cybercriminals will provide helpful instructions for how to pay up. How nice. Here’s what to do instead if you’re the victim of a ransomware attack.

Cybersecurity Ventures predicts ransomware will impact businesses every 11 seconds in 2021. Yes, you read that right. That’s up from every 14 seconds in 2019. Another research company reported ransomware increasing 485% year-over-year in 2020.

Know that it’s widely considered a bad idea to pay the ransom because you’re rewarding the cybercriminal. Plus, you can’t even be sure that they will provide the encryption key needed to regain the use of your files. What! You were going to trust the bad guys?

The Important First Step

The first thing you’ll want to do is make it all go away. Yet wishful thinking is not going to get the job done. Instead, you’re going to have to turn immediately to your disaster response plan, because, of course, you have one of those already. Really, don’t underestimate the value of planning in advance for IT infrastructure compromise. Doing it proactively means calm, considered decisions rather than reacting in a crisis.

Step one is going to be identifying the systems involved and isolating them. Once you detect a compromise, limit the spread of infection by disconnecting the devices affected. Ideally, you take only a few computers offline or disconnect an individual network. Even in a large-scale compromise, remove all affected devices from the network to contain the malware.

As part of the isolation, don’t forget to disconnect any connected devices such as storage drives. The ransomware infection will even seek out USB thumb drives.

Power down the affected devices only if you are unable to disconnect them from the network. Why? Because turning them off means you might lose potential evidence.

Malicious actors may be monitoring your business communications. So, move offline to coordinate your response. Phone calls, text messaging, or personal email accounts will work.

Don’t attempt to restore critical systems until you have identified and isolated the affected ones. After that, your business can move into triage mode. Prioritize what to restore, and recover using your data backup (again, of course, you have one of those, too). Consider how critical each system is for health and safety and revenue generation. Then, get to work restoring systems in an efficient, organized fashion.

Minimizing Ransomware Risk

Ransomware is a major threat to every business sector, and you don’t want to become the next victim. Common best practices include:

  • preventing an attack with anti-virus and anti-malware tools;
  • installing email filters to keep phishing emails from reaching your employees;
  • making frequent backups and keeping them separate from your network;
  • keeping up with ransomware and other cybersecurity threats.

Businesses that partner with a managed services provider have someone supporting their efforts to cut ransomware risk. Plus, if the worst happens, the MSP’s IT experts are ready to identify and isolate. They can find the samples needed, determine the malware strain you are dealing with, and report the attack.

Your data backup should have recent copies of all information up to (or close to) the time of infection. So, once the MSP has removed all ransomware, they will wipe your systems and storage devices. They can swiftly reformat the hard disks and reinstall everything from scratch.

An MSP can help you plan ahead to contain the damage from a cyberattack. Let our IT experts install best practices, set up safe backups, and track the activity on your network. Contact us today at (515)422-1995.

Filed Under: Business, Security, Tips Tagged With: business, Cyber-attack, Ransomware, security


Lessons Learned from an Oil Pipeline Ransomware Attack

June 1, 2021 by Paul Schwegler

Your business may not be supplying oil to the United States, and you may not even be in the critical infrastructure business, but don’t think that means ransomware can’t happen to you, too. This article shares lessons learned from a headline-grabbing event, and they’re applicable to businesses of all sizes in all industries.

First, what happened? The May 2021 ransomware attack crippled a 5500-mile gasoline pipeline. The Colonial Pipeline serves up nearly half of the gasoline used by the East Coast of the United States. The attack, thought to be the largest ever on US oil infrastructure, encrypted almost 100 gigabytes of data. Russian hacker group DarkSide took the systems hostage, demanding an undisclosed ransom. The pipeline was offline for days, and the disruption plagued the country for weeks.

The lesson learned? Businesses cannot underestimate the importance of being proactive about preventing cybercriminal attacks. The Colonial Pipeline attack originated in Russia and attacked the US, but the motive was financial. The majority of cyberattacks come down to money. That means your business could be at risk, too.

Lesson #1: Educate employees

Avoid falling victim to a devastating ransomware attack by educating employees about cybersecurity. Train your employees to recognize phishing emails and other scams, teach them about the importance of strong passwords, help them understand the potential dangers of using unsecured wireless networks or unencrypted devices, and prevent their downloading unsanctioned apps onto work computers.

Lesson #2: Use firewalls and email filtering

Configure firewalls to protect your network and block access from malicious IP addresses. Geo-fencing can reduce traffic from foreign actors in known cybercrime hubs.

Additionally, set up advanced spam filters. These help identify and stop phishing emails before they even get to your employees.

Lesson #3: Limit access

You’re thinking you’re doing that already with firewalls and filtering, but this refers to limiting access for the people who work for you. Configure credentials so that employees can access only what’s needed to do their job. Limiting administrative access makes it more difficult for bad actors to do damage.

Also, limit permissions to reduce access. One employee may need to read certain files but have no need to edit them. Configure the file and directory access accordingly.

Lesson #4: Monitor and patch

Even if you’re not online at all hours of the day, you should be monitoring IT 24/7. Set up alerts to identify any suspicious activity. You want to know as soon as possible if there is a vulnerability so your business can limit its exposure.

Also, patch: don’t ignore update notifications from your software providers or operating system manufacturers. Every piece of technology in your office could be an entry point for a bad actor. Cybercriminals are always finding new modes of attack and vulnerabilities. You have to be vigilant and keep your systems updated to cut your risk.

Lesson #5: Have a backup plan

If cybercriminals take your system hostage, you don’t want to have to pay a ransom. It’s costly, and you can’t guarantee you’ll get a functional system back. You will still suffer downtime and a damaged reputation from the attack.

Having several system backups, tested regularly for accuracy, helps protect you from catastrophe. We recommend a 3-2-1 approach. That’s three separate copies of the backup on two different storage types, and at least one of them should be off-site.

Customize your backup plan around the specific needs of your business. One company might be fine backing up daily, whereas another may suffer if it loses even a few hours of data.
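
The 3-2-1 rule, regular testing, and a per-business data-loss window can be checked automatically against a backup inventory. The script below is an added example, not code from Little Dog Tech; the inventory fields, the thresholds, and the sample copies are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class BackupCopy:
    name: str
    media: str                             # storage type: "nas", "usb-disk", "cloud", ...
    offsite: bool
    last_backup: datetime
    last_restore_test: Optional[datetime]  # None means never restore-tested

def audit_backups(copies, now, max_data_loss, max_test_age):
    """Return a list of findings; an empty list means the plan passes."""
    findings = []
    # 3-2-1: three copies, two storage types, one off-site.
    if len(copies) < 3:
        findings.append(f"3-2-1: only {len(copies)} copies, need 3")
    if len({c.media for c in copies}) < 2:
        findings.append("3-2-1: all copies on one storage type, need 2")
    if not any(c.offsite for c in copies):
        findings.append("3-2-1: no off-site copy")
    for c in copies:
        # Freshness: how much data the business can afford to lose.
        if now - c.last_backup > max_data_loss:
            findings.append(f"{c.name}: backup older than tolerated data loss")
        # An untested backup is not known to be restorable.
        if c.last_restore_test is None:
            findings.append(f"{c.name}: never restore-tested")
        elif now - c.last_restore_test > max_test_age:
            findings.append(f"{c.name}: restore test overdue")
    return findings

# Constructed sample inventories (not real data).
NOW = datetime(2021, 6, 1, 9, 0)
WEAK_PLAN = [
    BackupCopy("office-nas", "nas", False, datetime(2021, 6, 1, 2, 0), datetime(2021, 5, 20)),
    BackupCopy("usb-disk", "usb-disk", False, datetime(2021, 5, 25, 2, 0), None),
]
GOOD_PLAN = WEAK_PLAN[:1] + [
    BackupCopy("usb-disk", "usb-disk", False, datetime(2021, 6, 1, 3, 0), datetime(2021, 5, 10)),
    BackupCopy("cloud", "cloud", True, datetime(2021, 6, 1, 4, 0), datetime(2021, 5, 15)),
]

if __name__ == "__main__":
    for label, plan in (("weak", WEAK_PLAN), ("good", GOOD_PLAN)):
        issues = audit_backups(plan, NOW, timedelta(hours=24), timedelta(days=30))
        print(label, "plan:", issues or "passes")
```

Tightening `max_data_loss` from a day to a few hours shows how the same set of copies can suit one business and fail another.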

Cybersecurity doesn’t have to be complicated

Ransomware attacks are expensive and time-consuming. Partner with a managed service provider to keep an eye on your systems. Our IT experts can configure protection, track activity, and provide backup solutions. Take preventative action to protect your business against ransomware and other cyberattacks. Work with professionals to install a layered IT security strategy today. Contact us now at (515)422-1995.

Filed Under: Business, Security, Tips Tagged With: business, Cyber-attack, Ransomware, security



Copyright © 2023 · Little Dog Tech · 5946 Ashworth Rd. , West Des Moines, IA 50266