What to do before and after a ransomware attack

Last spring, WannaCry ransomware infected more than 300,000 computers around the world in less than a day. A Petya ransomware attack spread weeks later, exploiting the same flaw in operating systems.

“These attacks exposed the continued use of old and unsupported operating systems in critical areas and they laid bare the lax patch-update processes followed by some businesses,” McAfee Labs reported in September. California-based McAfee is one of the world’s leading cybersecurity companies.

The malware attacks underscored the importance of promptly installing updates and patches on computer networks.

Such incidents also raise questions about how employees should respond to ransomware threats in the workplace.

Ransomware is malware that is downloaded into a company’s network – probably by deceptive means - to encrypt files and make them unreadable. Then, typically, hackers anonymously demand payment in an online currency such as Bitcoin to release the files.

In the Sioux Falls region, companies such as SDN Communications are on the front line of helping businesses protect themselves from cyberattacks.

I asked Chad Pew, manager of IT at SDN, what a worker should do if he or she suspects that a computer had been infected.

“First, get off the network,” Pew said. “Disconnect the infected device from the system and from any external drive. Do whatever necessary to stop the malware from spreading to other files from a desktop or mobile device. Then, contact IT for help.”

After an attack has been contained and identified, work toward restoring encrypted files can begin. Hopefully the data can be restored without the targeted business having to pay ransom.

Law enforcement officers generally advise against paying ransom because that encourages more crime. Also, the payment of ransom does not guarantee hackers will restore the data.

The value of the data that’s at risk can heavily influence the temptation to pay. Some hackers are known to negotiate. So, companies that decide to pay might want to try to get the best deal possible.

Pew points out that as research accumulates about types of ransomware, some helpful websites are beginning to provide decryption keys to help victims to unlock their data. That’s not a guaranteed solution, however.

The best option for preserving valuable information is to make sure it is effectively backed up. SDN advocates what is known as the 3-2-1 Rule:

Companies of all sizes should have good, detailed business continuity and disaster recovery plans in place just in case circumstances do go bad, and those plans should be evaluated and updated regularly.

Providing good, ongoing training for employees also is extremely important. The effectiveness of the best software, hardware, policies, and intentions can be overridden in seconds by a single, careless employee who opens an infected link in an email, clicks on a contaminated website or plugs a bad jump drive into a computer.

Hackers also might try to gain entry to a network by talking an employee out of sensitive information, such as a password. That’s a deceptive practice called phishing. It’s another reason employees should be trained well.

Although awareness of ransomware is increasing, incidents also continue to increase. A company gets hacked by ransomware every 40 seconds. Last year, it infected tens of thousands of computers every month.

The profit motive for ransomware will diminish as more companies back up their data and help slow the spread of malware.

Use the form below to request a trio of cybersecurity posters. Print them on legal paper and post them around your company to educate employees.