What To Do When Ransomware Strikes

By   ISBuzz Team
Writer , Information Security Buzz | Aug 21, 2019 07:30 am PST

An employee walks over to your office, fingers fidgeting and brow sweating. They tell you that there’s something you have to see. Concerned, you quickly rush to their desk. On their computer screen is a single message that reads:

We have gained access to your computer and your files have been encrypted. If you want your data back, you’ll need to pay us.

Your company has been hit with ransomware, the malicious digital ransom note that is every exec’s nightmare. Unfortunately, this is becoming more common with 86 percent of SMEs having been recently victimized by ransomware in 2019, and 56 percent of all malware attacks being caused by ransomware. Ransomware is proving to be the single biggest destructive force for business data, surpassing even hard drive failures as the leading cause of data loss, and is costing organizations up to $17 million. 

Ransomware has evolved to take advantage of the many developments in technology since the first attack occurred in 1989 with floppy desks distributed across organizations purporting to raise money to fund AIDS research. At the time, the users were asked to pay $189 to get their files back, a mere drop in the ocean compared to some of the amounts demanded in modern day.

Since then, ransomware has grown significantly due to the advent of multiple facilitators. Encrypted files are becoming more difficult to decrypt due to sophisticated RSA encryption coupled with increasing key sizes, and ransomware is becoming more accessible with kits being sold on the dark web for as little as $10. Joined with the fact that cryptocurrency has made payments virtually untraceable and irreversible, recovery from ransomware has become more difficult, causing the cost to business to rise to more than $75 billion per year. 

How to Defeat Ransomware

So, what do you do if your company falls victim to one of these attacks? The first thing to do would be to isolate any infected computers and get them off the network ensuring the malware doesn’t continue to spread. Next you should begin to assess the damage by determining the origins of the infected file and locating others that were affected.

Okay, you can breathe now that you’ve successful stopped the malware from spreading any further throughout the network. Once this has been secured, your thoughts should turn to the backup strategy you have in place. If you have implemented either a backup or sync solution (see the next section for a warning about using sync) to get your data offsite, you are more prepared than most. However, this level of preparedness rarely is tested against the exact scenario it’s needed for. 

When it comes time to restore the company’s data after a ransomware attack, there are three weak points that need to be immediately considered: 

  1.     The security breach has affected the backups

Many people confuse cloud sync services with backup. If you are utilizing a sync solution, and the syncing process is happening during the time of the attack, the newly infected files are going to automatically sync to the cloud, therefore infecting your entire backup set.

Luckily, this can be avoided by using backup software that offers multiple versions of your files. This type of backup software saves the original file as it is the first time it is backed up, and then creates a new backup file with every change made – meaning that if a file was to become encrypted by ransomware, the simple solution would be to restore a prior version of the file that existed before the attack.  

  1.     Restoring data will be burdensome and time-consuming

If you have a large dataset, which most companies do, then the process of restoring data stored on the cloud can be a long and tedious one, taking away valuable time that could be spent securing your company’s next client.

The way around this is to employ snapshots. Snapshots allow you to restore all of your data from a specific point in time, which is crucial when tackling the effects of ransomware. Some backup solutions providers offer the ability to take a snapshot of your data and archive that snapshot in the cloud. Others even go as far as to ship USB drives to their customers containing the archived data. 

  1.     Not all of the critical data was backed up

The second leading cause of data loss is… human error! Making mistakes is a natural part of the human experience, however some of these mistakes could cause significant impacts on your company. The mistakes can be from forgetting to save something, to accidentally leaving a laptop on a plane. Some data backup procedures require employees to save files to a specific file in order for it to be correctly backed up; this can lead to an easily made error of simply forgetting.

The most effective backup solutions are the ones that are easiest for the end users and require the least amount of human intervention. It is best practice to invest in a backup process that automatically backs up all user-generated data by default. It should always be viewed as the responsibility of the backup solutions provider to protect business data, regardless of where the end user saves it.

As ransomware is becoming more common and cybercriminals are constantly developing new ways to break through security measures, the necessity to ensure that your company has a solid backup solution is imperative to ensuring that business can quickly get back to normal following an attack.

Making sure that your backup process addresses the three weak points mentioned above can be the difference between suffering a ransomware attack or avoiding an attack all together. It’s essential to make sure that your data is backed up and unreachable by ransomware infection, which will ensure that your downtime and data loss is minimal, or none if you ever suffer an attack. 

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x