According to the News & Observer, as of August 2019, there had been more ransomware attacks reported in North Carolina than in all of 2018.
One of the recent high-profile ransomware attacks in NC was on Mecklenburg County. A phishing email led to the infection of 48 county computer servers, and the hackers demanded a ransom of $23,000.
The county immediately took everything offline, and some county departments, like Social Services, had severely limited operations.
The county decided not to pay the ransom, after briefly considering taking “the path of least resistance.” But it still ended up with costs in the tens of thousands of dollars.
How Does Ransomware Work?
Ransomware is a form of malware that encrypts files on the system it has infected, making them unusable to the victim. This generally causes all of the victim’s systems to go down.
For example, if you’re a dentist’s office with an electronic appointment system and digitized patient records, you would not have access to any of your patient files or the data in your appointment system.
The ransomware typically includes a message that demands a ransom be paid in bitcoins. If the ransom is paid, the message states that you’ll be given an encryption key to restore your data.
Ransomware is typically delivered by phishing email, and it happens to be the most popular form of malware: 56% of malware attacks involve ransomware.
Steps to Take Right After a Ransomware Attack
Using good cybersecurity practices along with managed IT security can help you reduce your risk of falling victim to a ransomware attack. But what should you do if an attack has happened?
Time is of the essence when responding to a ransomware attack and mitigating the damage. We’ve laid out the steps you should take right after being impacted by a ransomware attack.
You may want to print these out for your cybersecurity manual, so you’ll have them for reference, just in case.
1. Take the Infected Device Offline
You want to immediately disconnect the computer infected with ransomware from all wireless and wired networks.
This will help reduce the chance of the ransomware infecting other devices in your office, and help prevent it from syncing to cloud services like Dropbox or OneDrive.
2. Take a Photo of the Ransom Note
People tend to panic when they see a ransomware note pop up on their screen and might turn their machine off altogether. But you want to have a photo of the ransom note that can be referred to and filed with a police report.
3. Contact Your IT Provider
It’s important to get help as soon as possible from an expert that can help you with the next steps.
Contact your IT provider, who can diagnose exactly how bad the problem is, explain your options for addressing it, and help clean your system.
4. Determine Whether or Not Your Files Can Be Recovered
This is an easy step if you have a recoverable backup of all your files. If you don’t, then it could be more difficult to determine. You’ll want the assistance of an IT professional.
Some forms of ransomware copy your files, encrypt those copies, and delete your originals. Depending on how they were deleted, the originals may be recoverable.
Knowing whether you can restore your files or not is an important determination because paying the ransom might be your only option for getting them back.
5. Deciding Whether or Not to Pay the Ransom
This can be a tough decision and many ransomware victims pay it just to get their systems back up and running faster.
But be aware that just because you pay the ransom, doesn’t mean the hacker is going to hold up their end of the deal. (They’re criminals after all!)
About 1 in 5 ransomware victims that pay the ransom do not get the promised encryption key.
6. If You’re Not Paying the Ransom, Remove the Ransomware Infection
If you don’t intend to pay the ransom, you’ll want to get the ransomware file out of your system. This isn’t going to restore your lost data.
But it will remove the threat, which needs to be done before you can restore your data. Run your antivirus/anti-malware program to remove the malicious code.
If you are planning to pay the ransom, then you’ll want to wait to do this.
7. Check All Other Devices on Your Network
You’ll want to run a full scan of all other devices on your network to make sure the ransomware didn’t move through your network and infect those systems too. Remember that attack on Mecklenburg County… 48 of their servers got hit in one attack.
8. Restore Your Files from Your Backup
If you were one of the companies that were prepared and had a backup of all your files, then once you’ve cleaned the ransomware from your system, you can restore your data from the backup.
9. File a Police Report
Many small businesses skip this important step. They figure there’s nothing the police can do about a hacker in another country.
But reporting incidents is important so authorities can keep track of how many attacks are happening and what their nature is, so other businesses can be warned of the threat.
10. Prevent a Future Ransomware Infection
Once you’ve gone through a ransomware attack, you never want to repeat it, so it’s important to put safeguards into place and use what you’ve learned to strengthen your defenses.
Strategies for preventing a ransomware infection include:
- Using quality malware protection that can identify a threat and stop it.
- Training your employees on how to spot phishing and avoid it.
- Ensuring you have solid backups both onsite and offsite that are checked daily to ensure they are backing up properly.
- Using an anti-phishing/anti-spam software that can quarantine suspicious messages and keep them out of user inboxes.
- Regularly testing the recovery of your backups to ensure integrity.
- Using a managed IT security plan that ensures your network is monitored 24/7 for any threats.
Is Your Network Security Prepared for Ransomware?
Just one accidental click on a phishing link can cause an entire office to become infected with ransomware. Don’t chance it… get a security assessment from RCOR. We’ll let you know how to secure any network vulnerabilities.
Schedule a free IT security consultation today by calling 919-263-5570 or contacting us online.