Here Is How You Can Recover from a Ransomware Attack
Ransomware demands grew by more than 80% in 2020, with the average payment rising to more than $154,000. This type of attack can cause severe disruption and financial damage, but you can get your business back on track with a well-executed recovery plan.
In this post, we’ll explore the most important steps in recovering from a ransomware attack.
What is a Ransomware Attack?
Ransomware is a type of malware designed to encrypt files and restrict access to essential data and applications. The perpetrators will demand a ransom, often in the form of cryptocurrency, before they remove the encryption.
Attackers may use phishing spam to infect a computer: an unwitting employee will download an attachment, unaware of its malicious contents. Opening the downloaded file will trigger the malware and enable it to take over the computer. Encrypted files can only be decrypted with the decryption key, which the attacker holds, so victims often feel compelled to pay the ransom.
Ransomware attacks are increasingly common in Canada and the rest of the world. More than 70% of Canadian businesses were affected by ransomware within one year, but perpetrators often launch attacks against bigger targets too. According to the National Post, more than 50% of Canadian ransomware attacks targeted critical infrastructure providers (e.g. hospitals, electrical grids).
The Communications Security Establishment’s (CSE) Canadian Centre for Cyber Security released a threat bulletin that warned of “high-impact ransomware campaigns that can cripple businesses and critical infrastructure providers.”
But ransomware is just one of many security risks companies must defend against: read “What are the Most Common Cybersecurity Threats Businesses Face Today?” to find out about other types of cyber attacks.
How to Recover
Don’t Pay the Perpetrators
It’s recommended that you DON’T pay any ransom an attacker demands, no matter how small the cost may seem compared to the wider potential financial impact. There’s no guarantee that the perpetrators will actually decrypt your files and restore your access to data when you pay — you could lose a substantial amount of money for nothing. The malware may still lurk on your computer or server, and you would need to pay to have it removed anyway.
And there’s another important reason not to pay attackers: they could become emboldened after successfully extorting money from victims and launch further attacks. They may even target your business again, fully expecting you to pay a bigger ransom.
Report Your Ransomware Attack
According to the Canadian Centre for Cyber Security, the Royal Canadian Mounted Police (RCMP) recommends that victims of cybercrimes report incidents to their local police. You should also report your cyber attack via the National Cybercrime and Fraud Reporting System.
This helps the relevant authorities understand more about the type of attacks disrupting businesses, their impact, and how to help victims. If you work with a managed IT service provider, they should take control of the situation, remove the malware, and restore your data. The best providers will prevent ransomware attacks in the first place by implementing cutting-edge security measures and monitoring your network round the clock.
Make All Employees Aware of the Incident
It’s critical that you have a communication plan for a ransomware attack. Your employees should be informed of the incident, how it will impact their work, and what they can do to help stop the malware from spreading further (if necessary). Clear communication will stop workers from making mistakes that could exacerbate the situation, and from telling people outside your business about the incident.
Customers should be informed about the attack too. Tell them what steps your team is taking to handle the situation, and what you’re doing to prevent sensitive data from falling into the wrong hands. They’re sure to feel concerned and may even question your security setup. It’s vital that you’re honest, though, as keeping a ransomware attack secret will seriously harm customer trust.
Prevent the Infection from Spreading
Systems and files affected by the ransomware attack should be isolated straight away. Ransomware can encrypt files with incredible speed and leave you without access to the data you depend on within minutes. Remove all infected computers from your network; otherwise, the ransomware may spread to other systems and even cloud drives.
When you identify which systems are uninfected, take them offline to protect critical data. Swift, decisive action is essential to halt the infection and minimize the attack’s impact.
Clear the Infection from Your Systems and Restore Data
To remove all traces of a ransomware infection from systems, it’s best to perform a total wipe of your storage devices. Formatting hard disks will eliminate the malware’s remnants and allow you to reinstall your data safely.
This can be incredibly difficult and dangerous if you have no copies of important files: with no way to recover important information, you’ll need to start from scratch.
Fortunately, it’s easier than ever to create backups of critical files and keep them secure. You may use on-site solutions (such as hard drives and servers), cloud storage, or a combination of both. Whatever approach you prefer, ensure you have adequate security in place to protect data from malware (e.g. firewalls).
Restoring files can be a time-consuming process, but it will enable you to continue where you left off. Using cloud storage will also allow you and your employees to access files remotely, instead of depending on local hardware.
Work with Information Security Professionals to Prevent Further Ransomware Attacks
Ransomware poses a serious threat to businesses in Canada, particularly SMBs with limited resources and cybersecurity expertise. Attackers have highly sophisticated techniques and technologies at their disposal, and they’ll spot even the tiniest way into your network. They can hit your business with a ransomware attack that leaves your employees unable to work, harming your productivity and revenue at the same time.
That’s why it’s so important that you implement effective cybersecurity measures to safeguard your business against ransomware attacks. NETWORTH offers bespoke solutions to suit diverse requirements: our team of IT specialists will use state-of-the-art security technologies and methods to reinforce your network.