Ransomware attacks are as costly as they are common, with a suspected attack happening every 11 seconds. They affect big and small businesses alike: no organization is immune. In fact, small businesses often become more of a ransomware target because they tend not to budget for adequate security and backup measures. This can be a costly mistake. The healthcare and financial industries are particularly susceptible to attack.
2021 was a year that saw unparalleled ransomware activity, with the 2021 SonicWall Cyber Threat Report reporting that it was the most costly and dangerous year on record. There is no reason to believe that 2022 will be any different.
There are a number of preventive measures you can take to address ransomware attacks.
Make sure your employees know what to look for when it comes to phishing scams, and have them be diligent about updating their passwords and using cybersecurity best practices like multifactor authentication. They should also know what to do in the event of a cyberattack.
All computers require operating system software to work. It is the base software that manages the hardware and allows a user to interact with the computer. Occasionally, the makers of these programs release new versions of their software. These new versions bring the latest technical advances, which can improve a computer’s performance and give its users more and better features, as well as corrections that seal up vulnerabilities in the operating system. The National Healthcare System of the UK failed to properly update after a Windows Security update and fell prey to ransomware in 2017.
Use the Principle of Least Privilege (POLP) when granting access to your network. This means using caution when handing out administrative privileges and giving employees no more access than they need. The idea behind this is that the fewer people who have access, the less damage can be done.
Antivirus software and managed threat response measures like those offered by pim through SOPHOS add to your online security.
Have a system in place that backs up your data automatically and frequently. This will help reduce the amount of damage a ransomware attack can cause and reduce business disruptions and the costs associated with cyberattacks.
Even with the best prevention strategies in place, chances are that you may still fall prey to a ransomware attack. A ransomware attack can be devastating, but if you act promptly and properly, you can mitigate some of the damage.
Yes. We know. This is easier said than done when you suddenly cannot access your data. But keeping a level head in this stressful time will help you when you take the next steps. Call pim, or whoever oversees your IT, immediately and alert them to the attack so that they may begin to help you with the following actions.
The ransom note on your screen will not only contain the details of how you are to pay the ransom should you decide to pay it (which pim does NOT recommend), but will also help the recovery teams you engage determine what ransomware hit you. This will help the experts find an existing recovery key. This information is also helpful should you need to fill out any reports for police or insurance companies. This can be as simple as taking a photo of your screen with your phone.
Disconnect the affected computer from your network. While the ransomware may have already infiltrated your network, isolating the attack reduces the likelihood of that, as well as the likelihood of it having reached your backups. This is especially true if you use cloud backups. Disconnecting the affected computer helps stop the ransomware in its tracks.
Let your entire team know what is happening. While it is always a good idea to send out an email announcement and post warnings on company message boards, you should check with each employee directly to ensure that they know what is happening and what to be on the lookout for.
Backups play a crucial role in remediation from cyberattacks, but they are not immune to ransomware. In the event of a ransomware attack, organizations must secure their backups by disconnecting backup storage from the network or locking down access to backup systems until the infection is resolved.
Now that your mitigation team has quarantined the infected device(s) and secured your backups, it can begin to identify the ransomware strain and hunt down the matching decryption.
Your mitigation team should immediately disable automated maintenance tasks, such as temporary file removal, on affected systems. This will prevent these tasks from interfering with further remediation and investigative steps.
Hopefully, your mitigation team has isolated the infected device(s) and has been able to secure your backups. At this point, ALL online and account passwords should be changed. But once a network has been infected, there is no way to guarantee that the ransomware is completely gone unless all devices are wiped clean. This includes virtual devices as well.
This is where your secure backup comes into play. (Remember how we told you to be backing up your data automatically and frequently?) Restarting your servers with a CLEAN recent backup will ensure that the ransomware has been remediated and there is minimal disruption. In the meantime, your organization can keep your productivity going by putting into place your disaster recovery plan. Having a reliable cloud to back up from, like the one provided through ProActive Cloud, can reduce the impact of a ransomware attack.