Ransomware has become the most widely recognized cybersecurity threat that American businesses have faced in recent years. Arguably, it is the cyber attack that has the greatest impact on a business’ ability to function.
So what is ransomware?
Ransomware is an extortion technique used by hackers to hold all of your company’s data hostage unless a fee or “ransom” is paid. Files are not taken from your computer, though; they are encrypted.
With all files encrypted, businesses cannot access key information, documents and databases stored on computers and servers, bringing the business’ day-to-day functions to a halt until the ransom is paid.
Recent media coverage of several material ransomware events again highlights the ongoing threat of ransomware attacks and how disruptive the breach is to your enterprise. This media coverage and law enforcement statistics unfortunately highlight that many firms across many vectors of the economy have not invested in the technology and event response plan required. Ransom is not new. While we may only learn of high-profile attacks, the number of extortion-related events has increased significantly in the first part of 2021.
William French | William R French Risk Consulting
How does ransomware infect a business?
Ransomware is deployed to a computer or network through a number of methods. Some methods are sophisticated and some rely on the negligence of an employee within a business. Once a device is infected, ransomware searches for data sources, both on the host computer and shared network sources, and encrypts everything it can–including attached backup drives.
Here are a few common methods of ransomware deployment:
- Internal Attacks – Hackers have been known to infiltrate a business to be able to bypass firewalls and have direct access to their targets.
  - USB Drive Deployment
  - Ethernet / Network Deployment
  - Direct Download Deployment
- External Attacks – Hackers use an unknowing user’s actions or business security vulnerability to download ransomware and infiltrate the organization’s network.
  - Phishing Email Campaign
  - Drive-by Downloading
  - Vulnerable Web Server Exploitation
  - Password Breaching / Account Access
What can your business do to prevent a ransomware attack?
Because ransomware can be deployed through multiple methods, there is no one preventative solution you can implement. Rather than looking for a single solution, you should focus on building your business’ “cybersecurity stack” (a combination of software tools and management services that, as a whole, is your cybersecurity solution).
A proper cybersecurity stack will include solutions to manage user risk, device risk and data risk. Additionally, the cybersecurity stack, when built properly, will prevent internal and external attacks, allowing for sophisticated protections that address both known and unknown methods of ransomware deployment.
What can you do after experiencing a ransomware attack?
Contrary to common belief, there are a few things that can be done to mitigate a ransomware attack aside from paying the ransom.
The best thing to do is to implement a cloud backup solution for business data AND conduct mock recovery exercises to make sure your backup is working (preferably monthly). If your business is hit by ransomware and you have a proper backup solution, you can simply have an IT provider consult with you on removing the ransomware and then restore data from backup. Ransomware, contrary to popular belief, is very easy to remove–it is the encryption of files that remains the problem, and it remains long after the actual ransomware malware is removed.
Let’s suppose your business does not have a proper backup, though. This is the case with all the news stories we see on how a company is out of luck and has to pay the ransom in the millions of dollars. There is one thing you can do aside from paying the ransom, but it must be done as quickly as possible after an attack is discovered.
Step One: Remove the Ransomware Malware – Removing all programs and files created since the known infection time should do the trick.
Step Two: Download Shadow Explorer from https://www.shadowexplorer.com/downloads.html
Step Three: Run Shadow Explorer – Shadow Explorer scans the hard disk for old versions of files by searching the magnetic components of your hard drive. This tool will not work on computers with a Solid State Drive (SSD).
In my experience, Shadow Explorer will retrieve about 70% of files. This will not get everything back and many of the files may become corrupt, but if you’re a small business without the resources to pay a ransom, 70% recovery is better than 0%.