Ransomware: What it is and how you can stop it

Small- and medium-sized businesses are hot targets for cybercriminals. They hold valuable data but typically lack the enterprise-grade security of larger organizations.

Using malicious software called ransomware, hackers can infiltrate business networks and data centers, put them on lockdown, and demand payment. In this article, we’ll examine ransomware in a little more detail. We’ll discuss what it is, how it works, and how you can prevent it.

Let’s jump right into it.

What is ransomware?

Ransomware is a highly successful type of malware that uses increasingly sophisticated encryption techniques to hold data for ransom. In other words, it denies users access to their computer files and demands a payment in return for the data held hostage.

Targets include SMBs, as well as higher-profile victims like public schools, police departments, government agencies, and even hospitals.

How does ransomware work?

Typically, ransomware spreads by exploiting security vulnerabilities – often via spam or phishing emails or ‘drive-by’ downloads. Ransomware is always evolving. Cybercriminals are tech-savvy, and they have the skills and motivation to modify their software to overcome new security best practices.

Once installed, the ransomware locks all the files that it can access. Then, it demands a ransom – usually payable in bitcoin – to decrypt the files and restore operations. It’s important to note that victims who pay the ransom don’t always regain access to their data. That being said, many see no other option. The city of Atlanta, for example, paid an estimated $17 million to recover from a ransomware attack last year.

How to protect your business against ransomware

Ransomware is rampant. Here are a few tips you can use to protect yourself and your business against these nasty attacks.

Keep your information private

Never offer personal information (passwords, bank account details, addresses, etc.) via email, unsolicited phone calls, instant messaging, or text. Phishers attempt to trick unsuspecting individuals into divulging critical information that would give them access to business networks.

Use an email filter

Your IT service provider can install a robust email filter that will eliminate the vast majority of scam and spam emails before they even reach your employees’ inboxes. The filter will detect threatening attachments and suspicious email addresses in both incoming and outgoing emails.  
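
As an added illustration (not ICS Data's filter or any vendor's product), the Python example below applies the two kinds of check described above to a single message: risky attachment types and a sender address that does not match where replies would go. The extension lists, the function names and the sample message are assumptions constructed for this example.

```python
from email import message_from_string
from email.utils import parseaddr
import os

# Assumed heuristics for illustration; a production filter uses far richer signals.
RISKY_EXTS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".hta", ".lnk", ".iso"}
MACRO_EXTS = {".docm", ".xlsm", ".pptm"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def triage(raw_message):
    """Return a list of human-readable findings for one RFC 5322 message."""
    msg = message_from_string(raw_message)
    findings = []
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to domain {reply_dom} differs from sender {from_dom}")
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        stem, ext = os.path.splitext(name.lower())
        if ext in RISKY_EXTS:
            findings.append(f"executable or script attachment: {name}")
            if os.path.splitext(stem)[1] in DECOY_EXTS:
                findings.append(f"double extension disguises file type: {name}")
        elif ext in MACRO_EXTS:
            findings.append(f"macro-enabled Office attachment: {name}")
    return findings

# Constructed sample message (not a real email).
SAMPLE = """\
From: "Accounts Payable" <billing@example.com>
Reply-To: payments@example.net
Subject: Overdue invoice
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.pdf.exe"

constructed-placeholder-bytes
--b1--
"""

print("\n".join(triage(SAMPLE)))
```

A real mail gateway would quarantine or tag a message with findings like these rather than print them, and would combine them with sender authentication results and attachment scanning.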

Ensure all software is up-to-date

Software updates typically include security patches that mitigate new or evolved threats. If you fail to update your software, you are leaving your network vulnerable.

Invest in antivirus software

Antivirus software is critical to any business’s security strategy. Having it doesn’t, however, mean that your network is 100 percent immune to malware. Even with security software in place, you still need to be aware and cautious.

Don’t connect to public Wi-Fi networks

If you work on-the-go, avoid connecting to public Wi-Fi networks – they just aren’t secure. Instead, use your cell phone as a data hotspot.

I’ve been attacked by ransomware – now what?

If you or one of your team members has been attacked by ransomware, we suggest following the steps below.

  1. Isolate the infection. Malware spreads like wildfire. Keep the infection contained by disconnecting infected devices from each other, your Wi-Fi, and shared storage systems.
  2. Identify the malware. If possible, determine the precise malware type you are dealing with. If you have IT support at the ready, contact them.
  3. Determine the best way forward. Deciding what to do next is usually best left to the professionals. You could pay the ransom, but there is no guarantee you’ll regain access to your data. Your tech team could attempt to remove the ransomware, but that isn’t always possible. Weigh up the pros and cons and decide on the best path forward.
  4. Restore your data. If getting rid of the ransomware meant wiping the device, it’s now time to restore your latest backup.
  5. Learn from the experience. How did the device become infected? What went wrong? How can you prevent future attacks? You might like to perform an updated cybersecurity risk assessment.

If you have any further questions, feel free to contact us at ICS Data. We would be glad to provide you with any additional information.