In a ransomware attack, the hacker holds a business hostage by penetrating its network and encrypting/locking down all of its files, until the organization pays the ransom money demanded. Once the ransom is paid, the hacker releases the data by providing the organization with a decryption key that unlocks the data.
But that’s not the end of the story. What people have to realize is that the hacker may have been rummaging around a lot of sensitive data before encrypting it. They could have been selling the data for months before and just locked down the data on their way out. When an organization pays the ransom, their problems may be far from over.
Beyond the costly extortion and temporary business interruption, which can be paralyzing, the aftermath of a ransomware event can be equally as devastating, as it can fuel federal investigations into an organization’s network safety and security, requiring costly legal representation for months or years and leading to lawsuits by affected individuals and more.
Shielding your network
While the risk of ransomware is real and on the rise, businesses can follow these best practices to shield themselves.
1. Regularly back up data. Back up as often as you can, doing so even daily or hourly. If your data changes significantly hour to hour, then back up in real time. If a ransomware event does occur, you will want to access your backup data quickly.
2. Regularly scan for viruses. Conduct scans across the entire network infrastructure, including databases. This is especially critical for organizations with multiple IT managers and/or multiple locations.
3. Maintain an incident response plan. While you may be able to get your network back up after a ransomware attack, in a worst case scenario, the hacker could get to it first. Then you’ll have to make quick decisions: Will you pay the ransom? Will you negotiate? How do you access bitcoin? The following decisions must be made in advance to respond quickly and appropriately.
—Identify key stakeholders in an organization who are going to play a role in breach response, including legal, HR, IT and a spokesperson, as well as people outside the organization, such as your cyber insurance broker, privacy attorneys and an Encrypto currency broker (a currency broker that specializes in paying ransoms via bitcoin payments) as hackers must be paid in bitcoin.
—Plan a data breach response by knowing what evidence needs to be preserved ahead of time. Know what you will offer affected individuals. Will you set up a call center? Will you offer credit monitoring? This will need to be determined in advance to minimize the financial and reputational harm.
—Retain a robust cyber insurance policy that features real data breach resources. This will help mitigate the immediate financial and reputational harm that is sure to follow a ransomware event, as well as pay and fulfill the ransom.
—Train employees to spot phishing scams. Employees need to be able to recognize and delete phishing and malware emails without opening them. This typically won’t be successful if championed only by IT professionals, but will instead require a culture of safe practices from the top down.
—Keep logs to preserve evidence. Companies who do this successfully know who accessed which networks when and will be able to more easily identify the breach site/point of entry and exposed/accessed data or intellectual capital.
Everyone is at risk
Any organization that stores data on a network is at risk. And, contrary to popular opinion, ransomware hackers aren’t deterred by business size or industry.
Small to mid-size business can be an even easier target for the hacker, because the hacker knows they don’t have the resources to protect themselves. They’re as vulnerable as a big chain retailer. The hackers don’t discriminate. If it’s easier to get it from the little guys, they’ll go there. A W-2 form or an SS number from a mom and pop holds the same value on the black market as those coming from a large bank. Every organization needs to be aware of what’s out there and plan accordingly.