Reacting to Ransomware: Prevention and curehayesr
Ransomware is one of the most common methods of attack used by cyber-criminals and has the ability to freeze entire systems, prevent operational continuity and cost businesses a significant amount of money.
Users will know that they have been a victim of a ransomware attack almost immediately because a message from the cyber attacker will appear, saying that files have been encrypted or that you have been locked out of your computer. The message will also contain details of a ransom that the cyber-criminal is demanding, usually in Bitcoin or another well-known cryptocurrency. The attacker will offer to provide you with the encryption key for restoring files upon receiving payment. However, this is not always the case and some attackers demand a second or even third ransom payment.
How can you protect your business from falling victim to a ransomware attack?
It is true to say that there is no such thing as 100% security as the threat landscape is dynamic and fast-paced. However, the implementation of a multi-layered security strategy will reduce the risk of your business falling victim to cyber-crime. Whilst protecting against ransomware is advised, there are a whole host of methods that cyber criminals use to achieve their goals. The good news is that most security measures provide some level of protection against other types of attack too, not just ransomware. See our top tips for protecting your business in this previous blog.
How should you respond when faced with a ransomware attack?
If you find yourself or someone in your organisation falls victim to a ransomware attack, it is vital that you make sure that it does not spread to other devices at work or at home. Disconnect the infected device from the internet or your company network as soon as possible. Remove the network cable, turn off your Wi-Fi and power off your device.
If it occurs on a company device, you must notify the IT team immediately and await further instruction, or follow your company’s incident response plan.
Following a successful ransomware attack, you have limited options of how to respond. You can:
- Restore files from a backup if you have one
- Start again with a fresh operating system installation and accept that your files are gone forever
- Pay the ransom amount, but have no guarantee that you will receive the key to restore your files
- Hope that security researchers or your IT team can provide alternate ways to get the encryption key and restore files. However, this is very rare.
Of course, prevention is better than cure.
Eventura have a team of cyber security experts able to help businesses improve their cyber security practices. The team advocates a model of prevent, detect, respond and recover. How this model could work for you depends on your business and risk appetite. To discuss your current security solutions and how you can plan for the future, please do not hesitate to contact us.