We often discuss how your business can avoid the impact of ransomware, but what we don’t often discuss is what happens to businesses that do, in fact, suffer from such a devastating attack. We want to use today’s blog as an opportunity to share what your business should (and should not) do in the event of a ransomware attack, as well as measures you can take to avoid suffering from yet another in the future.
If you suddenly get a message from a ransomware attacker claiming that the files on your computer have been locked down, first of all, don’t panic. Ransomware is scary, but there is a chance that the attacker really hasn’t infected your device. Some recent threat actors have been able to make a quick buck with “fake ransomware” attacks, where the threat is so dangerous that they can make money just from the panic these attacks can create.
Also, you absolutely should not pay the ransom without first consulting your trusted IT resource. You don’t know if the situation is out of control just yet, so it’s best to not make any impulsive decisions. Paying the ransom only proves that ransomware is effective and further funds future ransomware attacks against other businesses like yours.
Regardless of the extent of the attack, your business needs to contact its trusted IT resource to accurately gauge its impacts. Depending on how bad it is, you might be able to get away with restoring a data backup to a point before the ransomware attack struck. If the hacker is using double-extortion methods, however, this might not be possible. Either way, you don’t want to take action until you have had a discussion with your IT resource about what to do. There is almost always another option available, so you want to know what these are before you commit to any one in particular.
Obviously you don’t want to suffer from another ransomware attack in the future, so it’s best practice to prevent these types of threats from infecting your infrastructure in the first place. You can do so with comprehensive security measures designed to keep threats out of your systems. Furthermore, we recommend that you implement multi-factor authentication and train your employees to identify threats. Doing so can keep your employees from making silly mistakes due to social engineering attacks, as well as limit user access controls in the event someone does slip up.
SouthBridge Consulting can help you implement any measures needed to keep ransomware at bay, including cybersecurity training for your business’ employees so they are more cognizant of the threat in the future. To learn more, reach out to us at 281-816-6430.