How to prevent and recover from ransomware

Imagine this scenario: Your corporate systems are down and your critical files are locked due to one of everyone’s worst nightmares - a ransomware attack. You’re scrambling to recover your data, get back online and resume business operations as quickly as possible to minimize costly downtime and uphold your company’s reputation. 

 At that moment - and for good reason - you would likely feel as if the entire world were crashing down on you when a ransom note appeared on your computer screen, rendering your systems inoperable. Hopefully you’d be equipped with the knowledge and resources necessary to minimize damage and experience a rapid, complete recovery. 

When it comes to ransomware, it pays to be prepared - and it costs to be caught off guard. Let our experts provide you with advice and guidance on how to smoothly and successfully get back on your feet in the unfortunate event that you do get hit with ransomware - and on measures you can take to prevent an attack in the first place.

 

Ransomware 101

First - let’s review the basics. Ransomware is a type of malware - most commonly delivered via a malicious attachment in a phishing email -  that is designed to block access to a computer system until specified ransom (in the form of untraceable Bitcoin) is paid to attackers. This malicious software encrypts a victim’s files until he or she has made the payment demanded by the attacker. Ransomware consistently dominates security news headlines and in 2019 a new business fell victim to this malicious, costly threat every 14 seconds.

 

Ransomware Carries Heavy Costs for Businesses - Especially SMBs

Ransomware has the power to shake any organization to the core with significant, costly downtime, data loss, reputation damage - and in many cases, permanent business closure. Ransomware risk is disproportionately large for SMBs, who often lack adequate cybersecurity resources and inaccurately assume that they are “too small” to be a target of ransomware. Ransomware attacks cost smaller companies an average of $713,000 per incident (a combination of the expense of downtime and lost business due to reputational harm) - and 60% of SMBs go out of business within six months of experiencing an attack.

 

Ransomware Recovery & Removal: Our Top Tips & Advice

In the event that you experience a ransomware attack, fast, intelligent action is the best way to efficiently recover locked files and get your systems up and running again - mitigating damaging, costly downtime. Here are the steps you should take if you ever fall victim to ransomware.

Work with a Firm that Specializes in Ransomware Recovery

First and foremost, enlist a team of experts. A ransomware recovery firm will be able to thoroughly evaluate the situation, provide you with an individualized step-by-step recovery plan and assist you in the recovery process. They should also be able to advise you on whether or not you should consider paying the ransom. (It should be noted that it is now illegal to pay ransom to hackers who are subject to U.S. sanctions - whether or not the victim or facilitators are aware of these sanctions.) 

Notify Regulatory Agencies of the Incident Immediately 

The FBI’s Internet Crime Complaint Center (IC3) should be the first agency alerted. Local law enforcement should be next in line. If your organization is in a governed industry, there may be specific guidelines regarding who to inform of the attack and when to inform them.

Record the Details of the Ransom Note that Appears on Your Screen

Not only does this note contain information that you will need should you decide to pay the ransom, it will also help recovery teams you engage determine which strain of ransomware hit you. In some cases, ransomware recovery experts can use details provided in this note to find an existing decryption key.

Disconnect the Compromised Device from Your Network - And Don’t Erase Encrypted Files!

Immediately disconnecting the affected devices from your network will help protect backups you’ve (hopefully!) created. That being said, don’t turn the device off. It may contain data needed for forensic analysis.

Also, be sure not to erase encrypted files. The recovery service that you hire will need something to recover. In addition, experts may be able to use the files to help determine what strain of ransomware hit you, which can aid in recovery.

Once systems are up and running again, be sure to erase any traces of the attack by doing a complete wipe and restore.

Critically Important - Learn from the Incident! 

Perform follow-up tasks to prevent future attacks. Evaluate your organization’s cybersecurity strategy and correct any vulnerabilities that led to the attack in the first place. Ensure that you have a proactive, layered cloud email security solution in place to prevent the delivery of ransomware emails and other malicious threats to your users, your data and your business.

 

Prevention Is Far Better than Remediation 

Although recovering from a ransomware attack is possible with a combination of luck and informed, intelligent execution, ransomware recovery is not a pleasant process and offers no guarantees. A disheartening number of ransomware victims face lasting repercussions - unable to recover encrypted files, regain access to compromised systems and build back lost client trust.

Thus, when it comes to ransomware, phishing and other dangerous cyberattacks, prevention is far better than remediation. No business can afford to suffer the consequences of a ransomware attack due to inadequate email security defenses. As digital threats continue to evolve, effective email security has become increasingly crucial to business success

Fortifying email in this heightened digital threat environment requires a defense-in-depth approach to security - no single piece of security software alone is able to reliably detect and block today’s array of sophisticated email attacks. We recommend that businesses implement layered, real-time email security defenses accompanied by the ongoing, expert management, maintenance and support required to ensure email continuity and safeguard their most critical assets.

 

Have additional questions about ransomware prevention or recovery? Leave a comment below and one of our security experts would love to help you out. Ready to partner with an industry leader in securing your users, your data and your brand against ransomware and other disruptive, costly attacks? Let’s get in touch.>

Blog Articles