If you’ve seen the news lately, you’ve probably seen the same type of story playing out over and over – ransomware attacks from cyber criminals targeting all sorts of businesses and organizations.
No organization is too large or too small to be a possible victim of a ransomware attack. If there’s a potential reward, nothing will stop cyber criminals from holding your company or organization hostage. Regardless of whatever business you’re in and whoever you work with, you need to be aware of what ransomware attacks are, how to prevent them and what to do if you do become a victim.
What is Ransomware?
Ransomware attacks involve cyber criminals infiltrating your systems and stopping your business operations until a ransom is paid. These cyber criminals restrict access to your data, either by encrypting it or locking you out of your systems and devices. Ransomware targets your data, including anything from your files to critical system operations. Almost all ransomware attackers will provide a ransom note indicating their demands, and the ransom is usually requested in untraceable online currency, like bitcoin.
Falling victim to a ransomware attack can have serious consequences, but there are steps your organization can take to limit the risk.
Here’s a quick rundown:
1. Provide security awareness training for all employees
The most common way ransomware infiltrates systems is through scams like phishing. Cyber criminals will convince individuals to download an attachment or click a link that is malicious and contains ransomware. The infection will then spread throughout the organization’s network. Make sure all employees know the signs to watch out for and what to do if they do encounter a phishing message.
2. Update your operating system and apps
Updates help keep your software secure with the necessary security patches and vulnerability repairs. Enabling automatic updates is a great way to make sure you’re not missing any updates and patches that become available.
3. Limit access to those who need it
Make sure that access to programs and software is limited to those who need it, and that they have only as much access as they need. This is especially important when it comes to admin access. Limiting access reduces your risk.
4. Install anti-virus software
Anti-virus software can protect your systems from malware, like ransomware, that might slip through your other cyber security precautions. Think of it as a last line of defence. Just make sure the software you download is legitimate - some cyber criminals will disguise malware as anti-virus software.
5. Use Multi-Factor Authentication (MFA)
Enable multi-factor authentication (MFA) on your accounts whenever it is available. An additional authentication factor, such as a biometric or token, may prevent a cyber criminal from gaining full access to your accounts even if they are able to download ransomware onto a device.
6. Back up
It’s important to frequently back up data and store it offline. If you back up online, it could be compromised in an attack. Local offline backups (backups that are stored within the physical space of your organization but are not connected to your organization’s electronic systems) are more secure and make it easier to return to normal quickly if an attack does happen.
Run some simulations with your team. If everyone is aware of ransomware threats and knows what to do if they come across one, it will help your organization manage the situation and recover more smoothly.
Nobody wants a ransomware attack to happen, but it’s a scenario you need to be prepared for. If an attack happens, don’t panic. Here are some steps to take to protect yourself:
1. Isolate the device immediately
Ransomware usually tries to spread between devices connected to either the internet or internal systems. Make sure to disconnect the infected device(s) immediately to avoid spread. You may also need to take your network offline and remove all internet connectivity until you are able to determine the scope of the attack.
2. Identify the type of ransomware
If you’re able to identify the specific type of ransomware, you may be able to find a way to remove it through online research. Look for clues like names of URLs or files the attackers are using in order to try to identify the ransomware type and possible solutions.
3. Reset the device and wipe all data
If you’re unable to find the exact type of ransomware or a solution online, you’ll need to reset the device back to factory settings. Once this is done, you can restore the data from the most recent local backup. After resetting the device, you should scan it for any lingering viruses or malware. You should also scan your backup files to ensure they have not been infected.
4. Update the device
When your device is back up and running, make sure you’ve updated all software, including your anti-virus software, firewall and firmware.
5. Change all passwords
You never know what data has been compromised in a ransomware attack. Make sure to change all passwords that may have been in jeopardy, especially those for administrative accounts.
6. Report the crime
Report the crime and the details of the attack to your local police department. You should also report the attack to the Canadian Anti-Fraud Centre and Canadian Centre for Cyber Security. It might help protect another business, or even yours, from the same attack in the future.
7. Learn from the experience
Take a moment to see if there were any flaws in your cyber security approach that led to the attack. Make sure everyone knows the proper prevention measures that are in place and implement new ones if needed.
Ransomware attacks are happening more frequently and pose a serious threat to all organizations. It’s important to know what ransomware attacks are, how to protect yourself against them and what to do if you become a victim. Understanding ransomware prevention measures will decrease your risk of a possible attack. In the event you do become a victim, the consequences will be reduced because you practiced good cyber hygiene.
For more detailed information on ransomware attacks, check out these resources from the Canadian Centre for Cyber Security.