Businesses have had to shell out a lot of money to pay off hackers recently. Reported ransomware attacks increased by 336% in 2020. According to a study by Chainalysis, ransomware victims had to pay nearly $370 million worth of crypto to hackers in the past year.
Ransomware is a form of malware that encrypts a user’s files. The hacker then demands payment, usually in Bitcoin, to restore access to the user’s data. The user is sent specific instructions on how to pay the fee to free their files.
In this blog, we will discuss common ransomware attacks, some precautionary measures your team can take to keep their data from being maliciously obtained, and what your business and IT team should do when a staff member is exposed to ransomware.
Common Ransomware Attacks
The most common way a hacker gains access to an employee’s files with ransomware is through phishing. The hacker sends a cleverly disguised email that impersonates a trustworthy person or service provider; these emails almost always include a file or link of some sort.
The most common action of ransomware is to encrypt some or all of the staff member’s files. The files cannot be decrypted without a key that is known only to the attacker. The employee is shown a message explaining that their data is now inaccessible and can only be decrypted if a Bitcoin payment is sent.
In some cases, a hacker may trick a staff member into thinking that the message comes from a law enforcement agency. They will claim that there is inappropriate material or illegal activity on a computer and demand the employee pay a fine to unlock the computer. With this kind of ransomware, unsuspecting victims are less likely to report the attack and more likely to comply with the demand.
Lastly, a hacker may attempt to persuade you or your team with a form of ransomware called “doxware”. In this instance, the attacker will threaten to release sensitive data on the staff member’s hard drive unless a ransom is paid.
How to Prevent Attacks Beforehand
There are several defensive strategies you and your staff should take to prevent ransomware attacks. Most of these will help prevent all sorts of malware attacks in general.
Your team’s devices must run a fully patched, up-to-date operating system. Many patches and updates include security fixes, and hackers will take advantage of machines that are not current with security patches.
When you, your staff, or your IT team is installing software, hold off on giving it any administrative privileges unless you are certain. Operating systems like Windows and macOS will give you plenty of prompts to make sure you want to proceed with giving software certain access to a device.
It might be helpful to have your IT team preinstall software and limit which staff members have admin rights. Your staff may not need access to install anything.
You should make sure your IT team is performing proper data backups, frequently and automatically! It will not completely stop a ransomware attack, but it will lessen the damage significantly.
Finally, make sure you have antivirus software that suits your business needs. A solid antivirus program will detect ransomware programs as they show up, and can at least whitelist software. Whitelisting prevents unauthorized applications from executing in the first place. Your IT team should have a plan in place to find the antivirus software that best fits your work environment. Ideally, the antivirus should be feature-packed, but light enough that it does not slow down your staff’s computers significantly.
What to Do If You or Staff Become Victims of Ransomware Attacks
The most important rule you and your staff must know if you become infected with ransomware is to never pay the ransom. Although most hackers will restore data to their victims (approximately 70%), there is still a risk your staff may not get their data back. In some cases, victims take the bait and pay the ransom, and are then immediately asked to pay a second.
If your staff member's computer has been infected with ransomware, your IT team should make sure the machine is off the network entirely. Then, they should reboot the machine into safe mode and run an antivirus scan to find the ransomware program. Lastly, they will want to restore the machine to a point long before the hacker got access to it or a corrupted file was downloaded.
Please note: these steps will help you regain control of your machine and remove the ransomware. However, they will not decrypt your files. Unfortunately, the encryption process is probably complete at this point, and without sophisticated decryption software, the process is irreversible. On the positive side, you and your IT team will eliminate the need to give in to the hackers' demands for payment.
Although ransomware has the potential to be devastating to businesses, it can easily be prevented. If your team has the right measures in place to prevent these attacks and knows how to stop them if they do happen, you can keep your business from being affected. Make sure your IT team is educating staff on proper cybersecurity measures.
Your staff should know the ins and outs of basic phishing and the importance of strong passwords. Full backups should be standard practice for your data. Your antivirus software needs to have detection, response, and remediation options all in one program across your entire network. If needed, have your IT team limit access to only certain programs on a computer. Last but most importantly, if you find yourself completing a Bitcoin transaction to get your files back, stop immediately!