The Threat of a Ransomware Attack is Very Real. Here’s How to Recover From One.


Ransomware is on the rise. It’s an unfortunate reality for today’s small and medium-sized businesses (SMBs). A ransomware attack can cost your business money, zap your resources and irretrievably damage your reputation. A serious attack could even shutter your operations altogether. For example, the London-based currency exchange company Travelex was crippled by a ransomware attack last year; the company paid the hefty million-pound ransom in bitcoin, but its operations were “sidelined” for more than two weeks. The company has since gone into administration and cut more than 1,300 jobs. The company is still in service, but the impact was tremendous.

In 2020, the COVID-19 pandemic ushered in the world’s greatest work-from-home experiment. The swift transformation to remote work led to more ransomware attacks. One survey finds that more than half of respondents said shifting client work to the cloud increased exposure and attack vectors. In Europe, just under half said that the vulnerabilities of remote working were the culprit for increased ransomware attacks.

So, in the spirit of protection and preparation, we share what you need to know about this evolving threat and, just as importantly, what to do if your business is hit by a ransomware attack this year. 

What is ransomware? How does it work?

Ransomware is a type of malware in which an attacker may access your data, alter credentials, encrypt files and demand a ransom to restore access to your information.

One reason it’s so scary for SMBs is that it can be delivered in myriad ways. Ransomware is often sent through a phishing email, a form of social engineering designed to appear legitimate and lure targets into giving up sensitive information, such as financial information or passwords. These phishing emails often contain malicious attachments that infect a user’s computer after it is opened. In some cases, these attachments act as a Trojan horse, infecting a computer as it seeks out files to encrypt. 

Ransomware can also be spread through “drive-by downloading” in which an unsuspecting user visits a website that has been infected. Really, any digital means, including business apps and social media, can spread ransomware. Another alarming facet is “wiper ransomware” in which your data is not decrypted even after paying the ransom. 

How to Respond to an Attack

After an attack, you'll likely suffer a significant slow-down in business operations. There is no one-size-fits-all response to a ransomware attack, but there is generally accepted guidance. For example, authorities advise businesses not to pay the ransom. How you respond and recover will ultimately depend on the specific variant, but we share four general steps and strategies you should be aware of and follow the moment you suspect you’ve been attacked.

Check for Scareware 

The first tip to recover from a ransomware attack is to know what to look for and to remain vigilant. In an ideal world, your business is never hit with ransomware. Yet, if it is, the best scenario is being hit with a relatively “simple” variant of ransomware, such as scareware. 

Scareware is a malware tactic that tricks users into thinking they need to download or purchase software. It’s often easy to spot—scareware may pop up on the internet, replacing what you would expect to see in your browser tabs. In some cases, these tabs will open automatically upon clicking; others may pop up when you’re not even connected to the internet. Scareware may also appear as a compelling offer to install anti-virus programmes or other clean-up tools on your computer. While the infected computer may be besieged with these bogus pop-ups, it’s often the easiest type of ransomware to eradicate.

Tip: In all cases, educate your employees on what to look for, like how to recognise scareware or a phishing email—your business will be better protected when your staff can effectively act as your front line of defence!

Contact an Expert

Another recommendation for ransomware recovery is to call an expert the moment you suspect a breach has occurred. Working with a cybersecurity specialist is often the most expedient way to identify, locate and remove a ransomware intrusion. This is especially true for smaller firms with limited technology teams and resources, but also for robust teams who are currently overstretched amidst the work-from-home environment. In many cases, the specific ransomware attack you encounter is known and has been employed many times before—a cybersecurity expert might even have a decryption key available. 

Tip: If possible, establish a relationship with a cybersecurity organisation now, even if you don’t contract for any services. This way, you’ll have time to do your due diligence, identify the right partner and establish a clear line of communication, should you need it later.

Remove Ransomware

It’s important to act quickly to remove the ransomware. Do this by isolating the infected device(s) to prevent infection of other connected devices. It’s also important to identify the type of attack that has occurred on a given device. As mentioned above, there are numerous “strains” of ransomware, and knowing what kind of attack it is will dictate the appropriate response and remediation. 

Relatedly, ensure that your SMB is using an up-to-date version of anti-virus software (not scareware, remember!), and that it’s installed on all endpoint devices. This is especially true for remote workers who might have taken a BYOD (Bring-Your-Own-Device) approach to work with personal devices. 

A key part of removal is recovery. This is where a robust back-up and disaster recovery plan will pay off. Those SMBs with the proper backup and recovery solutions in place may be able to respond more quickly, resulting in less data loss and a faster return to normal. If you don’t already have such a policy in place, now is the time to invest in one.

Prevent a Future Attack

Our last tip is all about tomorrow. Ensure that you have an effective and robust cybersecurity strategy in place for your business, and educate your team on what they need to know. For example, if they suspect a phishing email, do they have a clear channel to share this with your technology team?

The best bet is to opt for a comprehensive security solution, which includes web filtering and sandboxing; one example is Fortinet SMB Security Fabric. Having solid backup and recovery solutions in place will help mitigate the threat of numerous attacks, including ransomware. Make sure to have the same solutions in place for any collaboration or communications tools you rely on, such as Microsoft 365.

We hate closing out on a negative note, but here it is. The landscape doesn’t look great in the year ahead. TechHQ thinks the threat of ransomware will evolve in 2021, and may include double extortion attacks, in which attackers also threaten to release personal data online or to the media. Do you have a no-ransom-paid policy in place? In 2021, attackers may wait longer to encrypt files to circumvent back-ups for a greater chance of payment—they may even target the backups themselves! And they could employ new and omniscient intimidation tactics, like cold calling victims.  

We’re here to help you navigate the all-too-real risks of ransomware and other cyberattacks this year. At Optec, we specialise in helping SMBs just like yours deploy the right solutions to keep your information protected and secure.

If you’re concerned about the threat of ransomware, please get in touch with our team for a consultation today.

For the latest news and updates from Optec, follow us on LinkedIn and Twitter.

