When a bad email or a careless link click leaves you locked out of your company’s most precious files, there one question you need to be ready to answer: What do you do when faced with a ransomware attack?
Major security firms like Norton, as well as the FBI, advise against paying up when dealing with a ransomware attack. There’s no guarantee you’ll be able to regain access to encrypted files. However, companies that find themselves in the middle of a ransomware attack may get very different advice.
In Feb. 2019, payroll software provider Apex Human Capital Management was hit by a huge ransomware attack that shut down payroll services for hundreds of Apex’s clients for three days. Everything in the company’s computers and at their off-site disaster recovery systems had been encrypted. Apex hired two outside security firms to consult on the problem.
Both firms agreed that paying the ransom was the fastest way to get systems back online. Apex paid the ransom, but that didn’t fix all their problems. Rather than return all the disrupted files to the pre-encrypted state, the decryption key broke file directories and rendered many files inoperable.
A lot of ransomware victims experience the same outcome, struggling to clean up the mess after the attack. Unfortunately, not paying the demands creates a different set of problems. On December 24, 2018, the cloud data hosting firm Dataresolution.net experienced a ransomware attack. Rather than pay up, Dataresolution.net restored everything from backups. Their systems were down for two weeks.
There’s no “best solution” when dealing with a ransomware attack. It’s more valuable to have a plan in place so you can quickly get things up and running again. Here are the strategies we recommend:
1. Make sure you are getting complete backups. Additionally, make sure you can restore all systems within the required amount of time. Over 90 percent of local companies we have worked with are not getting good backups or any back at all.
2. Limit access to folders to minimize the spread of the ransom attack for each employee. Business owners almost never need administrative access to the servers.
3. Make sure you are comfortable with your ability to detect the attack early to take action. This is the missing link to most security strategies.
4. Have a risk assessment performed and make sure a ransom simulation is run on the
top 10 ransomware programs currently in the wild. Learn more at RiskAssessment.SklarTechnology.com/.
The best way to deal with a ransomware attack is by doing all you can to prevent one. Test and train all employees to know how to detect a fraudulent email. Employees should verify the sender by looking at the entire email address and hover over all links before clicking on them. Find a live training demonstration at LiveTraining.SklarTechnology.com.
Thanks for reading,
PS. How Would You Like To Learn 3 Secrets That Will Save You From 99% Of Cyber Attacks? A Richmond Business Recently Lost Thousands To A Hacker, And It Wasn't Something A Firewall, Virus Protection, Or Other "Tools" Could Stop.