How Should Businesses Respond to a Ransomware Attack?
Ransomware can devastate a company, but maintaining backups and educating your employees can make a huge difference.
Ransomware has become a crippling phenomenon for businesses and consumers alike. As its name implies, the malicious software corrupts computer systems and holds your data ransom until the victim coughs up the money, usually in the form of bitcoin.
There have been some notable instances over the last year, like the ransomware that targeted iPhone users in Australia, while security researchers have identified several different strains of ransomware in the wild, most notoriously CryptoLocker.
If you find your business has been targeted and infected, panic may ensue as the still relatively new threat is difficult to navigate.
Some security professionals even suggest trying to negotiate with the cyber criminals to get your data back, while recently a police force in Massachusetts actually paid up the ransom after it was attacked by cyber crooks.
Attacks That Could Cripple Your Business
Sandra Gordon, a businesswoman based in New York, suffered a near-crippling ransomware attack in January.
“Sixteen years’ worth of data went into lockdown because ransomware infects everything connected to the hard drive, including external hard drives. So backing up, unless it’s to the cloud, won't help,” she said, ultimately resorting to paying up the ransom.
“I got all of my files back, which was essentially my professional identity. I’m grateful that my cybercriminals were honest. Between paying $630 in bitcoin and the support guy who made a house call, the experience cost me $1,700.”
This was a costly situation, and while it worked out in the end for Gordon, most cyber security professionals are in agreement that you shouldn’t pay cybercriminals.
“We've had a few clients hit with CryptoLocker or its variants, and fortunately most of them had good backups, but one did not. That's the price they paid,” says Morris Tabush of IT company Tabush Group.
Backing Up Data is the First Step
“Key issues with paying include the fact that a number of these samples are showing up with faults in the implementation of the encryption, which means that tools can be built to decrypt the files,” says Steve Santorelli, from Team Cymru, who previously worked at Scotland Yard’s Computer Crime Unit. He adds that there is never any proof that the cyber criminals will actually decrypt your files after you’ve paid.
“The main thing here, and sadly it’s often a lesson too late for victims, is the fact that regular, robust backups are the only thing that will save you from ransomware,” says Santorelli, “plus regularly updated anti-virus and patching your operating system and applications of course.”
“We believe that it’s vital to protect your data by backing it up in the first place to ensure that if disaster does strike, then your business is not brought to a halt,” says Jennifer Kate Ogden from UK firm Aspect IT.
Backing up is one thing, but it’s also necessary to regularly test these backups, and investing just a couple of hours every now and again in making sure everything is in working condition can make a huge difference.
And it’s important that note that while backups are vital, they are not a silver bullet against cyber criminals either.
Backing up simplifies things to a degree, says Mike Meikle, a partner at healthcare-focused security firm secureHIM. “However, the enterprise could still be liable for stolen data based on industry or government privacy and security regulations such as HIPAA for healthcare or PCI DSS for financial entities.”
Businesses also wonder if they should contact the authorities when faced by a cyber-crime incident like ransomware.
This all depends on the type of data that was stolen, such as personal health information (PHI) or personally identifiable information (PII), how much data was stolen, the number of people impacted and the local and national laws and regulations around data breaches. This can be different state to state and country to country.
An Educated Workforce
Having confidence in your backups is one method of dealing with a cyber-attack after the fact, but preventing any incident, while extremely difficult, is a wise practice too and this starts with educating your employees.
“The biggest prevention technique you can use is to educate your staff on not opening attachments or links from unknown sources,” says Brandyn Morelli, head of products and IT at Los Angeles app design firm Onyx. “If they feel they received something that is illegitimate, they should immediately contact their IT department.”
Employing a virtual private network can also help mitigate risk by randomizing your traffic to and from the business. Having a robust IT department in your organization is important, says J. Colin Petersen, CEO of J - I.T. Outsource, which could ultimately save your business thousands.