HP Tech@Work
Today's trends for tomorrow's business
Being Held Hostage by Ransomware?

Being Held Hostage by Ransomware?

8 things you can do about ransomware

Imagine walking into the office one morning, booting up your desktop computer and seeing this popup message:

Your company computers were used to visit websites with illegal content, and we have locked them. To unlock, you must pay a $2,000 fine. If you fail to send money within the provided time, all your files will be permanently encrypted, and nobody will be able to recover them.

Ransomware attacks against small and medium businesses (SMBs) are skyrocketing. According to a Ponemon study, more than half of SMBs experienced a ransomware attack in 2017 - some more than once. And downtime caused by ransomware costs small U.S. businesses about $75 billion per year, a Datto study found. What’s more, one in five small businesses ended up having to shut their doors shortly after getting hacked.
Unfortunately, most SMBs take the threat too lightly. Despite evidence to the contrary, 82 percent of small business owners believe they're not targets for attacks because they don't have anything worth stealing, according to Towergate Insurance research.
So, what should you do about ransomware? Here are 8 steps to minimize your company’s risk in the face of what has become a global viral epidemic.

1. Promote training and awareness

They say, “an ounce of prevention is worth a pound of cure,” and with ransomware this couldn’t be more true. The best prevention is ensuring employees don’t make a mistake that exposes your business to attack. And if they do make that mistake, knowing what to do can help mitigate the problem faster.
To head off ransomware, experts recommend ongoing cybersecurity awareness programs for all owners and employees. Most ransomware attacks occur when some unsuspecting employee clicks on a link or opens an attachment that stealthily installs a virus on a computer. These phishing scams were the No. 1 cause of ransomware attacks in 2017, according to Datto. Lack of cybersecurity training ranked second.

2. Have a backup plan

If all your business and financial records only sit on a computer or closet server, you are setting yourself up for disaster. Regular backups to the cloud or some offsite server can help lessen the effects of a ransomware attack, should one occur. Also, consider backing up to more than one location. Some ransomware variants can lock cloud-based backups, so you’ll want to guard against that. Unfortunately, many businesses wait until a breach occurs before they create cybersecurity plan. This reactive approach has been the downfall of many small businesses.

3. Tune your security posture

The FBI recommends enabling strong spam filters to prevent phishing emails from reaching end users. To avert spoofing, the law-enforcement agency also suggests authenticating inbound email using technologies like Sender Policy Framework (SPF), Domain Message Authentication Reporting and Conformance (DMARC) and DomainKey Identified Mail (DKIM).
As an additional step, consider disabling Remote Desktop protocol (RDP) if it’s not being used. Configuring firewall software to block access to malicious IP addresses can also help. Keep your antivirus software on and up-to-date. And make sure to automatically install key software updates. Microsoft and others constantly monitor for the latest ransomware variants and issue valuable software patches to counter threats they know about. The best approach is a combination of security measures.
NOTE: This is a perfect example of the value of HP Sure Start and HP Sure Run features. Unlike antivirus software which is a reactive security measure, HP Sure Start and Sure Run proactively monitor the device. When any deviation is detected, immediately and automatically self-heal the device. HP does wait for the latest patch or update. This also means that HP not only provides protection from today's modern threats, but future threats as well.

4. If attacked: Clean

If you have IT support, contact them immediately for guidance on what to do when ransomware infects a computer. If you don’t, then take a few basic steps to protect your network.
First, disconnect the machine from the Internet. Don’t shut it off. IT and law enforcement experts may want to look later to see if they can identify the source of the attack. Next, use antivirus or antimalware software to clean ransomware from the machine (only do this if you don’t intend to pay the ransom since you may need that connection to the “bad guys” to retrieve your files).
For additional steps, Tom’s Guide has an excellent set of guidelines on what to do if you’re infected.

5. Resist paying ransom

If you confirm a ransomware attack (sometimes it’s just a phishing attempt masquerading as ransomware), you have a decision to make: pay or don’t pay.
SMBs paid a total of $301 million to ransomware attackers in 2016 to regain control of their computers, but 30 percent of managed service providers (MSPs) say ransomware viruses remained on their SMB clients’ systems and led to further attacks, according to Datto.
That is one of the reasons experts recommend against paying ransom - there are no guarantees you will ever retrieve control of all your systems and data (Datto says 15 percent of companies do not).
While only 19 percent paid the ransom, according to CyberEdge Group’s 2018 Cyberthreat Defense Report. Among those refusing to pay, most recovered their data because they used back-up systems, but it can take some time. So, consider the pros and cons as well as your goals when deciding whether to pay.

6. Contact law enforcement

If you’ve been hit by ransomware, you probably know on an instinctual level the authorities won’t be able to do much to help. But if you report it, you can help them work with vendors to head off future attacks.
Start by filing a complaint with the FBI Internet Crime Complaint Center.

7. Alert your service provider

While they probably aren’t the cause of ransomware attacks, every attack must go through a service provider at some point. They need to know an incident occurred to take measures to assure other customers don’t fall prey to the issue affecting your systems.

8. Inform customers and investors

Aside from the ethics aspect of not letting customers and investors know of an issue affecting your data, you could be liable if they’re affected and you didn’t tell them. While it’s always tough and embarrassing airing such issues, and even though those issues might cause a loss in stock value or public standing, you’ll recover faster if you’re open and honest – about the attack and the steps you take to correct it.
Ransomware attacks are frightening, can be costly and sometimes deadly for a company. But by having a good plan involving a mix of preventative and responsive steps, most SMBs can recover quickly.
Related articles: