Are you Hit by Ransomware? Know How to Recover and Prevent an Attack.
The four most common threats to a Business today are Ransomware, Phishing, Business email compromise, and Distributed denial of service(DDOS). These are not the only threats, but ones to focus on. As we talk about threats, keep in mind that we no longer connect to company accounts only on our computers at the office. Mobile devices and, growing more popular, IoT devices should be top of mind, too.
- Ransomware is one of the most prevalent threats facing businesses of all sizes. Simply put, a ransomware attack happens when a virus is put on a computer and locks the user out of the systems that allow them to access their data.
- Then the criminal asks them to pay a ransom, usually with an untraceable currency, like Bitcoin or a wire transfer, to get the key to open their system again. Phishing is currently the most common method used to infect a system with ransomware and steal account credentials.
- Ransomware cyber-attacks can be pretty scary. In case if your computer is locked, or that your files are encrypted, don’t panic. Instead, take a deep breath, sit down and consider your options. The first step should be to find out what kind of Ransomware you have.
Check for whether it is an encrypting ransomware, screen-locking ransomware or something that’s just pretending to be ransomware. For a screen-locking ransomware, usually you can’t get past the ransom note on your screen. For an encrypting ransomware you could open all the apps in your system but might not be able to open your office files. If you can both navigate the system and read most files, then you’re probably seeing something fake that’s just trying to scare you into paying. You can ignore the ransom note.
How to Recover?
How to Deal with Ransomware?
Encrypting Ransomware is the most common and harmful of Ransomware attack. The following steps helps to deal with Ransomware
Should I pay the Ransom?
Most security expert advise against paying any ransoms. There is no guarantee that you will get your files back if you pay and paying just encourages more ransomware attacks.
Disconnect your machine from any external drives and all other systems. Go offline if you are on a network, this is to stop the spread of ransomware to other devices on your local network or to file-syncing services such as Dropbox.
See if you can recover deleted files. Many forms of encrypting ransomware copy your files, encrypt the copies and then delete the originals.
Check for ransomware decryptors. It is much easier if you know the name of the ransomware strain as you could check in ‘No More Ransom’ website and see if there is any matching decryptor.
Figure out exactly which encrypting ransomware you’re dealing with. Try the Crypto Sheriff online tool or the ID Ransomware online tool which would let you upload encrypted files and then tell you whether the encryption can be reversed.
Restore your files from a backup. If you regularly back up the affected machine, you should be able to restore the files from the backup.Make sure the backup files aren’t encrypted too
Take a photograph of the ransom note presented on your scree-nor a screenshot. You’ll need to file a police report later, after you go through all these steps.
Use antivirus or anti-malware software to clean the ransomware from the machine, but only do so if you are determined not to pay the ransom. (Otherwise, wait until you’ve recovered your files.) You may have to reboot into Safe Mode by pressing the power button and the S key on the keyboard at the same time. Removing the ransomware will not decrypt your files, and it may kill your chances of getting the files back by paying the ransom.
If these methods don’t work, you’ll have to make a choice: pay the ransom or give up the files.
If you’re going to pay the ransom, negotiate first. Many ransomware notes have instructions on how to contact the criminals running the malware. If so, contact them and haggle for a lower ransom. It works more often than you’d think.
Give up on the files and reinstall the operating system. Perform reinstallation of the operating system. Windows 10 lets you “factory reset” many devices, but with other operating systems, you’ll have to use installation disks or USB sticks.
File a police report. This sounds pointless, but it’s a necessary legal step if you want to file an insurance claim or a lawsuit related to your infection. It will also help authorities keep track of infection rates and spreads.
What are the available Prevention Methods?
You may have read about breaches in the news where companies didn’t detect an intrusion until the criminals had been in the system for months phishing around and causing problems. Early detection can improve your recovery. Next step is to Respond. Having a response plan in place that can be acted on quickly and with trusted partners will limit the damage an incident can cause to your business. Recovering from an incident has multiple components: Business continuity, financial recovery, relationship management, and more.
Two items to include in your recovery step:
First, after a cyber incident has been resolved, continue to monitor your network to ensure the criminal doesn’t come back. Remember, the Hackers can generally hide in a network for months while not being detected.
And second, a post-incident review should be done to confirm everybody in the organization followed the response set up that was adopted and practiced before the incident.
Take an honest look at your company’s response and be willing to go back and make improvements where needed. Cloud services is an excellent tool for small businesses, since you don’t have the time, money, or staff to handle all your Cyber Security needs on your own.
Think of your cloud suppliers as additional team members who will take some of the worry off your plate. If you do your preparation and choose qualified providers who suit your wants, you can improve your workflow and security.
Add two-factor authentication to key email and social media accounts. Installing and watching an intrusion detection system on a electronic network are often compared to having security cameras within and outdoors of your building. When brooding about Cyber Security, look for similarities with physical security to help bridge the knowledge gap you have in securing data.
The importance of Cyber Security, education, and awareness training is a critical component of protecting data. The humans produce, consume, use, and depend on data. If you don’t address the human consider security, all the software and hardware in the world cannot protect your business. Cyber Security education and awareness training needs to become a routine part of doing business. This education and awareness should become ingrained in your business culture.
Conclusion
It’s clear that the most effective thanks to answer a ransomware attack is to avoid having one within the initial place. Other than that, ensuring your valuable knowledge is insured and inaccessible by ransomware infection can make sure that your time period and knowledge loss are going to be stripped or none if you ever suffer an attack.
