3 things to do following a ransomware attack

Even fictitious hospitals and other institutions aren’t safe from the disruptive force of ransomware.

The ABC drama “Grey’s Anatomy” recently wrapped up a two-show run that depicted Grey-Sloan Memorial Hospital battling unknown hackers who were responsible for a ransomware attack. (Spoiler alert: The hospital succeeded in restoring its computer system without paying ransom.)

“Grey’s Anatomy” wasn’t the first TV show to use ransomware to advance a plot, either. “Chicago Med,” a medical drama on NBC, also has used ransomware in a storyline. So have some TV shows not set in hospitals.

Related blog: Ransomware infects its way to attention on prime time TV

With ransomware making repeat appearances in prime-time TV shows, you know the malware is a serious threat to real-life businesses. The TV shows are examples of art imitating life, but they raise questions about how real-life companies should prepare for and respond to attacks.

Companies need to plan in advance how they will respond after a ransomware attack or some other type of emergency shutdown. Panic and confusion of the moment should not rule.

Ransomware is malware that anonymous hackers maliciously load into a company’s network – typically by deceptive means. It encrypts files and makes digital information inaccessible or unusable. Then, typically, the hackers demand payment in online currency to release the data.

Chad Pew, manager of IT for Sioux Falls-based SDN Communications, offers some specific suggestions for dealing with ransomware attacks:

  1. Once a business realizes that it’s been attacked, it should immediately try to stop the malware from spreading throughout its system. Contain the infection as much as possible. Unplug the infected device, disconnect its wireless service or power off the workstation.

“That’s the main thing to do right away – keep it from spreading to other PCs or servers,” Pew said.

  2. Then, the company has to determine the size and severity of the attack.
    • How important is the data endangered in the attack?
    • Is it critical to company operations?
    • Is the information backed up?

Ideally, important business information is routinely backed up on an outside hard drive or cloud service and can be restored. If the data cannot be restored and has not been backed up but it isn’t critical to the operation or image of the business, infected devices can be electronically swept clean, and business use can resume.

If the ransomed data is critical to operations or the business’ reputation, a new set of questions comes into play. Paying the ransom generally should be viewed as a last resort. In some cases, keys are available online to unlock encrypted data. Pew says to look for tools like that.

  3. Cyberattacks, like other crimes, should be reported. However, tracing the source of a ransomware attack is next to impossible because an attack can originate from anywhere in the world, Pew said.

Law enforcement agencies discourage paying ransom because giving in rewards crime. Businesses have to make the decision themselves, though, based on the value of the endangered information and risk variables. Keep in mind, paying the ransom is no guarantee the data will be restored. Nor is there any guarantee that the business won’t be attacked again.

The best strategy for businesses is to try to avoid ransomware infections. That requires good, ongoing training of employees because people are the weakest link in most companies’ cyber defense, Pew said.

Related blog: Good training is critical to keeping business networks safe

Hackers typically deliver their malware through means such as infected links in emails or websites that they try to trick employees into clicking. Every employee with access to a part of a company’s network needs to be trained, tested and retrained about cyber threats on an ongoing and updated basis.

Leaders of the supposedly high-tech hospital in “Grey’s Anatomy” didn’t seem to know anything about ransomware until the attack. In real life, that should never be the case.

Keep hardware, software and other network components patched and up to date. Next-generation technology in some antivirus software can detect and prevent ransomware, Pew said.

“The threat is still out there, but with some of the new tools that are available, hackers might not be as effective,” he said.

SDN offers a few tools to help companies train their employees. Start by downloading their series of cybersecurity posters to hang in your business. They include one specifically on ransomware.