Not that long ago, the CryptoLocker ransomware virus was all over the news, infecting over 250,000 computers in its first 100 days of release (at least that’s the number reported; the real numbers are probably MUCH higher). The threat was fairly straightforward: Pay us or we’ll delete all your data.

Ransomware is designed to prevent the victim from accessing files or information on their own systems until money is paid to the attacker. After your files are compromised, the hackers behind the attack send you a pop-up demand screen, asking for payment within a set time frame in exchange for the key to decrypt your own files. The last CryptoLocker virus forced many business owners to lose data or pay up, since there was no other way to decrypt the files. Unfortunately, if you’ve become a victim of ransomware, your options will feel limited, you’ll struggle to wrap your head around the situation while keeping your organization running, and every moment that passes will put further pressure on you and your organization.

You may make the call to pay the hacker, and if you do, know that you aren’t alone in that decision. However, there are repercussions to that as well. You may figure that paying the ransom will make them go away, and that you can focus on your cybersecurity afterwards. This is simply not true. Once you’ve become a victim, it becomes a snowball of problems, getting bigger and bigger.

For one, you’ll have to face the public. Your customers need to know that their data was put at risk and possibly stolen, and that information will spread to potential customers and competitors. You will be judged for a long time after the fact, not to mention the fines you may have to pay for legal settlements and more. Second, you are now susceptible to more attacks. After an attacker has successfully executed a ransomware attack on an organization, who’s to say they won’t try again? A hacker who gets into your system could map the entire system and network, and then create a backdoor for themselves. They may predict that you’ll beef up security afterwards, and make it so that they can still gain access. It gets messy as soon as a hacker knows you’re vulnerable, and you won’t know you’re vulnerable until it happens. You are then left to clean up the mess and pick up the pieces, only for them to come in and make another mess later. Many small businesses don’t have other options, and end up paying in order to move past the situation. You may have no choice, and that’s part of what the hacker planned.

Hackers don’t have to be incredibly smart to plan and pull off ransomware or phishing attacks. In fact, most of the time they’re relying on you being unsuspecting, gullible, and lazy about your cybersecurity efforts. All they have to do is enough research on you or the business where you work to learn whether you have lighter cybersecurity measures or IT in place, and from that decide whether or not you’re a worthwhile target. They also don’t need to be tech-savvy to employ these types of attacks; software that does the work for them can be purchased off the dark web and can be incredibly easy to use. There are lots of things that make a hacker’s life easy when it comes to targeting their next victims, and it’s our responsibility to stay one step ahead so we don’t end up being that victim!

“An eMarketer chart published in January 2020 found that 48% of senior executives at midsized companies feel malware and ransomware are their greatest cyber threat. Despite the recognition of this threat, only 45% have a contingency plan in place should an attack occur. What’s more, only 47% have proactive countermeasures in place of an attack and 37% hired an external consultant to identify threats. This poses a challenge: the threat is real and recognized, but is enough being done to protect one’s business from an attack?” (“Defending Yourself from Ransomware” 2020)

First and foremost, you must begin with the right mindset: that you are always at risk. This means acknowledging the threats out there and understanding where they can come from. You need the right expertise in place to evaluate, understand, and identify potential breach points or areas of exposure in your infrastructure. And never assume you’re too small to be attacked.

Second, you should create a response plan. You need to be ready at a moment’s notice. Do not confuse this with having anxiety and being fearful of the possibility of being attacked. Think of it as having an escape route for when there’s a fire in the building. You need to know who to notify, when they should be notified, and what actions need to be taken to contain the threat, secure your systems, and mitigate any potential issues before they spiral. Also, make sure to update these plans routinely: technology changes, and your plans need to change in order to adapt accordingly.

Third, you and your team need training! How can you be sure that your strategies are being executed properly if you and your team don’t know how to identify threats? Everyone who has access to your system needs to be trained on how to spot potential threats, such as suspicious emails or solicitors, phishing, social engineering attacks, and more. You should also make it a point to practice and review this on an annual basis. It’s important not to view cybersecurity training as unnecessary; not everyone is on the same page when it comes to knowledge about cybersecurity or is able to easily identify threats. Training also sets an example and shows everyone your diligence, how much you value security, and that it’s taken seriously.

Fourth, get the right technology and strategy in place. Look into technology that you can utilize to help keep things secure. This can include next-gen firewalls, endpoint security with anti-ransomware capabilities, email security, file encryption, and more. Outdated technology is a potential threat, but inadequate (or nonexistent) user training creates the weakest link in your IT chain, so make sure you’re staying up to date with both training and technology.

And finally, you need to be actively backing up your data. It is critical to maintain a full, daily backup of your data off-site, so that if you do get whacked with ransomware you can recover all your files without having to pay a thin dime. Don’t forget to back up off-site PCs, laptops, remote offices, and third-party software data stored in cloud apps as well!

While there’s no guarantee that you will never get infected with ransomware, by employing these strategies you can rest easy knowing you’re putting your best effort into protecting your business from ransomware attacks (and lessening the impact of one).