Ransomware is not something new in cyber security. It’s been around for years not, landing in the news for disruptions to the healthcare industry in 2020, WannaCry in 2017, and recently, the attack that impacted Colonial Pipeline.
According to the State of Ransomware Survey & Report 2021, 64% of organizations were victims of ransomware in the last 12 months. The amounts asked as ransoms are also reaching new heights and have gone as high as $50 million—the most enormous attempted ransom ever. Ransomware causes unbelievable impacts that interrupt business operations and permanent data loss. Ransomware causes:
- Business downtime.
- Reputational loss.
- Revenue loss.
- Productivity loss.
- The loss, or public release of business-sensitive information.
If you pay the ransom, you have that added cost, and you’re likely to have residual malware infections and disruption following the attack.
Recovering From Ransomware Attacks
Even with the recommended protection measures may be in place, a ransomware attack against your organization might still succeed. Organizations can prepare for this by ensuring that their information will not be corrupted or lost and that regular operations can resume rapidly. NIST recommends organizations follow these steps to fast-track their recovery:
➔ Avoid the infection to spread by separating all infected computers from each other, sharing storage devices, and the network
➔ From messages, evidence on the computer, and identification tools, determine which malware strain you are dealing with
➔ Report to the authorities to support and coordinate measures to counter-attack
➔ Keep an up-to-date list of external and internal contacts for ransomware attacks, including law enforcement, and understand the role of each contact in recovery efforts
➔ Develop and implement an incident response plan with defined roles and strategies for decision making, then exercise that plan regularly.
➔ Wisely plan, execute, and test a data backup and restoration policy regularly. It’s essential to securely back up all your important data and verify that backups are kept remotely so ransomware can’t readily spread to them.
Best Practices to Defeat Ransomware
➔ Make use of antivirus software all the time—and make sure to set it up to automatically scan your emails and removable media (e.g., flash drives) for ransomware and other malware.
➔ Try to take the help of cybersecurity solutions or products that help you block access to known ransomware sites on the internet.
➔ Use standard user accounts in place of accounts with administrative privileges, whenever possible.
➔ Keep all computers fully patched.
➔ Avoid using personal applications and websites from work computers, such as email, chat, and social media.
➔ Configure operating systems or use third-party software to allow only authorized applications to run on computers, thus preventing ransomware from working.
➔ Avoid opening files, clicking on links, etc., from unknown sources without first checking them for suspicious content. For example, you can run an antivirus scan on a file, or look at a link to see if it goes to the site it claims to be going to
➔ Restrict or prohibit the use of personally owned devices on the organization’s networks and for telework/remote access without taking extra steps to assure security.
Businesses without their own dedicated cybersecurity professionals must establish relationships with third-party cybersecurity service providers. There are many companies providing cyber security solutions in Pakistan to assist your business in protection against ransomware and prepare you to recover from any cyber incident.