Ransomware Protection & Recovery

Understanding and Responding to Ransomware

To protect your business against ransomware attacks, understand risks like spearphishing, and use firewalls, strong passwords and business continuity planning.  

Protect Your Albany Businesses From Ransomware

In ransomware attacks, malware masquerading as legitimate files often tricks users into downloading or opening malicious email attachments. One misstep — by just one of your employees — and you may find yourself paying a ransom in Bitcoin to unlock your network. Here’s what you need to know to protect your systems and sensitive data.

What Is Ransomware?

Ransomware is a malicious form of software that cybercriminals use to lock data and systems — denying access to their owners in the process. As the software attempts to further spread itself within the network and attached storage drives, the responsible criminals demand that owners pay a ransom to stop the attack and unlock the system. If the system owner fails to pay, the attackers leave the system locked or, in some cases, delete the data.

The malicious software used in ransomware attacks often arrives via “spearphishing” — targeted email or messaging attacks that use victims’ personal details, including hometown, friends and recent online purchases. Armed with this seemingly hard-to-acquire information, cybercriminals gain trust, as well as the access they seek.

After locking users out of their systems or data, cybercriminals demand payment — often via a cryptocurrency like Bitcoin — to rectify the situation.

Ransomware Protection & Recovery

To protect your organization against ransomware attacks, ensure that your team members understand the risks. In many cases, cybercriminals get into networks by tricking individual users into clicking on malicious attachments or disclosing passwords.

Employees should understand the danger in clicking on unexpected email attachments, as well as clicking on links that arrive in email or via a messaging system.

In addition to promoting awareness, you can implement a range of preventive measures to help protect your networks and data. Consider the following steps:

• Set up strong firewalls to keep out traffic from certain IP addresses that may pose threats.
• Use software to authenticate incoming emails, filter spam — which can stop many phishing emails from getting to your employees — and scan all outgoing and incoming messages to remove risky executable files.
• Keep all software updated with the latest security patches.
• Use password best practices, and monitor use of privileged accounts.
• Implement controls to prevent automated launching of certain programs and types of files.
• Back up data regularly to secure locations, and test backups and your organization’s restoration procedures.

Responding to a Ransomware Attack

If your organization has a business continuity plan in place, a ransomware attack is the time to put it into action. As soon as possible, change all passwords — both for networks and individual user accounts.

Depending on the complexity of the attack, your IT team will need time to isolate infected machines and respond appropriately. In the meantime, take the necessary steps to keep the key functions of your business operational. If you have safe backups that you are sure have not been compromised, you can use them to restore critical data and applications.

Before paying any ransom, consider the potential risks. Even if the ransomware attack has paralyzed your essential business operations, the consequences of paying the cybercriminals could be even worse. Paying a ransom does not provide you with a guarantee of unlocking your data or networks. In addition, some victims of ransomware attacks report being attacked again after paying a ransom.

Giving in to demands for a ransom also helps perpetuate ransomware attacks. If your business has experienced a ransomware intrusion, reporting the incident to law enforcement is vital.