Given the duly earned notoriety of this sort of intrusion, most people are familiar with what happens when a computer is infected. It’s a troubling thought that you might one day see a message on your screen telling you that your files have been encrypted and that they’ll be deleted in a certain period of time if you don’t pay some specified amount.
This can be a damaging attack for an individual, but for a business, with dozens, or hundreds of computers all networked together, one attack has the potential to be enormously expensive. But when critical business data is on the line, the urge to pay can be extremely strong.
Thankfully, there are steps you can take to protect yourself from these malicious attacks. If you take the problem seriously and institute a vigilant system of protections you can lower your risk significantly.
Your Employees Are Your Biggest Risk Factor
It’s important to remember that ransomware attacks can’t happen without help. They have to be initiated by running a piece of malicious software, and it’s most commonly your employees that make the mistake.
Ransomware software can be delivered using email phishing attacks or other attacks initiated against your employees or it can be inadvertently downloaded from dubious websites. The latter can be prevented by limiting employee access to risky sites. The former requires training to thwart.
Email phishing attacks are bogus emails that attempt to fool the recipient into clicking on a link or opening a file contained in the email. They might try and convince you the email is from a trusted coworker, or that you’re somehow in danger if you don’t follow the email’s instructions. Clicking the link or opening the file is how the ransomware is activated, so train your employees to NEVER click links or open files if they can’t confirm the email sender’s identity.
You should also rigorously train your staff on what to look for to recognize emails that are misrepresenting themselves. There are almost always red flags that give away the email’s true intentions if you know what to look for.
Backup Your Critical Files Regularly
A ransomware attack has no teeth if it can’t threaten your files, and if you keep regular backups, your files are secure.
The value of keeping regular, isolated backups that can’t be reached by a ransomware attack can’t be stressed enough. This one action can render you safe from the damaging effects of an infection. It won’t prevent them, but it will neuter them entirely.
Run Simulated Attacks
There are services that allow you to simulate the sorts of phishing attacks that tend to deliver malware onto users’ computers. You can send these to your employees as a part of a training program. Not only do these simulated attacks help your staff learn what to look for, but you’ll also get alerted when employees take the bait. You can direct extra training to those riskier employees.
Have Your IT Department Institute a Holistic Security Program
There are a number of preventative measures your IT staff should have in place. These include:
- Scanning incoming and outgoing mail for executables and other risky files.
- Using thorough spam filtering to catch phishing attacks before they reach your employees.
- Making certain that the company’s operating systems, firmware, and software packages are regularly patched to prevent security holes.
- Installing systemwide anti-virus and anti-malware applications and keeping them up-to-date.
- Setting up application whitelisting, that only allows computers on the network to run programs previously established as safe.
Locking down permissions and giving employees only the level of system access they require can also help reduce your risk.
What To Do if You Are Attacked
Taking the precautions listed above will reduce your risk of a ransomware attack dramatically, but no system is perfect. User error can still occur and holes in your security can be missed. If, despite your best efforts, you find yourself the victim of an attack, here are the steps you should follow.
Do Not Pay the Ransom
This is a scary prospect, given that your files are on the line. But even considering this risk, you should never pay the ransom. Those demanding payment from you are criminals, individuals not known for being trustworthy. You could well pay the ransom and still lose your files. And if they do release your files, there’s nothing stopping them from installing a secondary attack which would hit you again weeks after you pay the first ransom.
You may lose your files, and that will be a bitter pill to swallow, but paying the ransom isn’t the answer. You could do yourself more harm than good.
Inform the relevant government authorities which could be the police or the cyber security department. There may be other businesses like you who have been effected and a joint action will be more effective and help to contain the attack.
Alert Your IT Department Immediately
Fast action is required to keep the ransomware attack from spreading. Make certain you alert the proper people and give them full access to your system. There are a number of things they can do to prevent further damage and potentially save your data. But there’s no time to delay.
Attempt to Remove the Ransomware Infection
In some cases, it’s possible to remove the lock on your system and restore your files without payment. Some versions of ransomware, called scareware or lock-screen viruses claim to encrypt your files in order to motivate you to pay them, but really only create the illusion. Sometimes all it takes to defeat these is a system restart. You can then use anti-malware software to remove the infection.
True ransomware is much harder to defeat, but in some cases, it can be done. Your IT department can research the options and give them a try. They certainly can’t make the situation worse.
Reinstall Your System and Restore From a Backup
This is why you keep backups. If yours are in place, the criminals have no leverage over you. You need only reinstall your computer’s operating system and then restore your files. If you don’t have a backup, the sad truth is that your files are lost. Reformating your hard drive and reinstalling your system software will restore control of your computer to you. You’ll then have to begin the painful process of assessing the damage.
It’s a terrible situation, but let it be a lesson. Always, always, always back up critical files.
Prepare So That You’re Never a Victim Again
Make sure your antivirus protection is updated, that you’re running all appropriate anti-malware applications, and that you vigilantly follow the protective steps detailed in this article. There’s nothing you can do about the loss you may have suffered, but you can work to prevent it from ever happening again.