How to Protect Your Business and Recover from Ransomware Attacks

A ransomware attack just hit your business…

…now what?

Some might be inclined to panic and pay the ransom to the attackers in hopes of a quick resolution. But there are more effective and affordable ways to deal with these incidents.

Many organizations are having to deal with ransomware—and it’s no small matter. These types of attacks, which typically encrypt files on a company’s systems and demand a ransom to decrypt the files, can wreak havoc by making user devices and servers unavailable for substantial periods of time. In many cases, the data is never recovered, even when the ransom is paid.

They can also be costly, both in terms of ransomware payments and lost business from downtime. The U.S. Department of Justice has described ransomware as a new business model for cybercrime and a worldwide phenomenon. Cybercriminals who launch these attacks know that most companies can’t conduct business if they don’t have access to their networks, data, or servers.

The FBI has estimated that ransomware attacks result in demand payments totaling as much as $1 billion each year. And the attacks are becoming increasingly sophisticated and targeted toward particular types of companies and sectors.

In October 2019, the bureau issued a public service announcement warning that high-impact ransomware attacks threaten U.S. businesses and organizations. “Ransomware attacks are becoming more targeted, sophisticated, and costly, even as the overall frequency of attacks remains consistent,” the FBI says.

Since early 2018, the losses from ransomware attacks have increased significantly, according to complaints received and FBI case information. Although state and local governments have been particularly visible targets for ransomware attacks, hackers have also targeted health care organizations, industrial companies, and the transportation sector.

With the rise of the Internet of Things (IoT), edge computing, and mobile devices in the workplace, the potential attack surface for ransomware continues to grow.

Steps to Creating a Ransomware Recovery Plan

The good news is that companies with a backup solution in place can take steps ahead of time to help them recover from these ransomware attacks when they occur.

  • The first step is to determine the precise date and time of the attack. With protected data, this will help you restore files from before the attack took place. Record when the attack began and what happened as it unfolded. This information can help identify the most recent uninfected files and what kind of ransomware attack was launched.
  • Next, as a precaution before restoring files, remove from existing archives the file that was the source of the ransomware as well as any files with known ransomware file extensions. Removing these files helps ensure that you don’t reintroduce infected files during restoration. Given that creators of ransomware have become more adept at engineering their tools, it’s best to make sure that devices are completely free of infection—something that’s not guaranteed when simply removing the ransomware.
  • After that, the security team should follow the organization’s process for obtaining new systems to replace the ones impacted by the ransomware attack. Rather than trying to remove the malware from the affected devices, it makes more sense to quarantine the devices and prepare new ones as replacements.
  • The next step is to download files to the new devices from a date and time before the ransomware infection occurred. It’s important to remember that restoring from the most recent date and time stamp might cause a new machine to be infected with the same malware.
  • Finally, report any ransomware attacks to authorities. Regardless of whether a company has decided to pay a ransom, the FBI urges businesses to report ransomware incidents to law enforcement. Doing so provides investigators with the information they need to track ransomware attackers, hold them accountable under U.S. law, and prevent future attacks.
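
The file-selection part of the steps above can be scripted. The following is an added example, not code from the original article or from any backup product: it takes a list of backed-up file versions, the recorded attack time, and the identified source file, and picks the newest version of each file from before the attack. The catalog layout, file names, extensions, and timestamps are all constructed for illustration, and the optional margin parameter is an assumption for cases where the recorded start time is uncertain.

```python
from datetime import datetime, timedelta, timezone
from pathlib import PurePosixPath

# Constructed sample values; use the ones identified in your own incident.
RANSOMWARE_EXTENSIONS = {".locked", ".encrypted"}
UTC = timezone.utc
ATTACK_START = datetime(2019, 10, 14, 9, 30, tzinfo=UTC)
SOURCE_FILE = "mail/invoice.docm"
SAMPLE_CATALOG = [  # (path, time this version was backed up)
    ("docs/budget.xlsx", datetime(2019, 10, 12, 2, 0, tzinfo=UTC)),
    ("docs/budget.xlsx", datetime(2019, 10, 13, 2, 0, tzinfo=UTC)),
    ("docs/budget.xlsx", datetime(2019, 10, 14, 10, 0, tzinfo=UTC)),
    ("docs/budget.xlsx.locked", datetime(2019, 10, 14, 10, 0, tzinfo=UTC)),
    ("mail/invoice.docm", datetime(2019, 10, 14, 2, 0, tzinfo=UTC)),
    ("docs/new-plan.docx", datetime(2019, 10, 14, 9, 45, tzinfo=UTC)),
]

def build_restore_plan(catalog, attack_start, source_file, margin=timedelta(0)):
    """Choose, per file, the newest backup version taken before the attack.

    Returns (plan, excluded): plan maps path -> version timestamp to restore,
    excluded maps path -> reason it will not be restored.
    """
    if attack_start.tzinfo is None:
        raise ValueError("attack_start must be timezone-aware")
    cutoff = attack_start - margin
    plan, excluded = {}, {}
    for path, backed_up_at in catalog:
        suffix = PurePosixPath(path).suffix.lower()
        if path == source_file:
            # Excluded even if a copy predates the attack time.
            excluded[path] = "ransomware source file"
        elif suffix in RANSOMWARE_EXTENSIONS:
            excluded[path] = "known ransomware extension"
        elif backed_up_at >= cutoff:
            excluded.setdefault(path, "no version before cutoff")
        elif path not in plan or backed_up_at > plan[path]:
            plan[path] = backed_up_at
    for path in plan:  # a file with any safe version is restorable
        excluded.pop(path, None)
    return plan, excluded

if __name__ == "__main__":
    plan, excluded = build_restore_plan(SAMPLE_CATALOG, ATTACK_START, SOURCE_FILE)
    for path, ts in sorted(plan.items()):
        print(f"restore  {path}  @ {ts.isoformat()}")
    for path, reason in sorted(excluded.items()):
        print(f"skip     {path}  ({reason})")
```

Files that appear only in the excluded list with "no version before cutoff" were created or first backed up after the attack began and need manual review rather than automatic restoration.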
