It’s a Tuesday morning after a long weekend. You come into the office and note that a couple employees are struggling to log into their machines. You don’t think much of it. You go to your office, set your coffee down, and try to log into your desktop. It fails. 

Your first thought is that your whole day just went sideways. That’s just the start of it.

The Day-One Panic of a Ransomware Attack

Whenever your organization has to face some kind of crisis, it always disrupts the normal workflow. In the event that your network is down, or you can’t access files or a particular application, you are basically left to struggle until normality is restored.

Ransomware is based on this principle. Cause enough of a problem for an organization, and that organization might be desperate enough to pay just to get back to normal.

We’ve covered ransomware a lot, but just a quick recap—ransomware is a type of malware that spreads very quickly across a computer or a network of computers. It looks for all data—documents, files, invoices, PDFs, databases, spreadsheets—then it encrypts that data.

Essentially, it rewrites all of your data based on a long, complex password known as an encryption key, and if you don’t know the encryption key, you can never access your data. The ransomware essentially gains full control over all of the company data it can find.

The ransomware then typically promises to do one of two things, although including both has become a common trend: 

1. Delete your data after a certain amount of time unless you pay a ransom.
2. Steal your data and release it publicly after a certain amount of time unless you pay a ransom.

There are a few different ways cybercriminals run this type of attack. Sometimes it blatantly takes over your computer and locks you out, other times it happens without you even knowing, and the cybercriminal then contacts you. There are some strains of malware that look like ransomware, but just blatantly delete your data and still try to get you to pay a ransom despite there being no chance of getting anything back.

At this point, nobody in your company can really get anything done—not if they need to use a computer or access data to do it. Depending on how your IT is being handled, you are likely looking at a frustratingly long resolution time.

Most Ransomware Can’t Just Be “Removed”

A computer virus or malware can usually get picked up in a virus scan and get quarantined and eliminated. Ransomware doesn’t work that way. It makes fundamental changes to all of your data very rapidly. It suddenly says, “Hey, I own all of this, and nobody else is allowed to open it, read it, or access it in any way unless I say so.”

Unfortunately, unless you can get the encryption key (which the criminals won’t give you unless you pay them the ransom, and often not even then) or you are willing to wipe everything and start from a backup, you have extremely limited options.

If your backup isn’t up-to-date, or your backup also gets corrupted by the ransomware, or you simply don’t have a backup (a major sin when it comes to managing a business), then you are at the mercy of the cybercriminals.

This goes without saying, but you don’t want to be at the mercy of criminals.

Let’s Assume Your Business Has a Backup

Okay, so after a day of nail-biting, and several hours of data restoration, your staff can struggle to get caught back up. You didn’t pay the ransom, and your backup saved the day. You are one of the lucky cases, but you aren’t out of the woods.

Remember, we’re dealing with criminal scam artists. They’ve heard of backups before.

At this point, you’ve recovered your data, but it’s very possible that your data was breached and stolen. It’s likely that you aren’t done with the nightmare yet, not by a long shot.

On top of that, ransomware and other malware spreads quickly, and often has multiple contingency plans if it gets removed. Most businesses that suffer from one ransomware attack have a very good chance of suffering from a subsequent one.

In other words, you are dealing with a longer road of hardship than you might think. You might need to deal with additional disruptions to your business over time until you can truly squash out the source, or you might have to deal with the PR nightmare of your data being breached. Depending on the nature of your business, what states you do business in, and what kind of data is breached, you likely have to notify any customers or clients that are affected, notify local authorities, and do a whole lot of damage control. 

Your Organization Should Take Measures to Prevent Ransomware

Clearly, ransomware isn’t something that you want to have to deal with—no cyberattack is. However, reducing the likelihood that you will need to at some point will ultimately take some doing.

• Invest in comprehensive backups that comply with assorted best practices. We’ve spoken about how important your backups are in the past, and we’ll keep doing it long into the future. If you are infected with ransomware, the simplest, best, and most effective course of action is generally going to be to completely and totally wipe your infrastructure and restore it all from a backup. This means you need to be maintaining backups that are comprehensive enough to replace it all, storing multiple past versions to increase the likelihood that you have a clean copy saved.
• Invest in training your team to avoid the behaviors that let ransomware in. Ransomware is often closely associated with threats like phishing, and for good reason—the latter is often the means the former uses to gain access in the first place. Therefore, if your team is better prepared to avoid threats like phishing and understand the best practices they are expected to follow, you’ve significantly reduced one aspect of your risk.
• Invest in improved cybersecurity tools. One reason that ransomware is so often shared via phishing is because this approach allows a cybercriminal to bypass any other security tools a business may have protecting its network. Hopefully, I don’t need to go into detail in regards to why it is still important to have these tools—firewalls, antivirus, and others—in place, and can just remind you that without them there, there’s nothing to stop such threats.

Obviously, this is an important process, but that being said…it does take a lot of time to properly implement—time that would, could, and by some measure should otherwise be spent on your business’ intended operations. That’s why we’re here to help.

Able to either supplement or completely take over the management and maintenance of your business’ IT, cybersecurity serves as the foundation for every action we’ll take. When it only takes one issue to do irreparable harm to a business, minimizing these issues is critical. Give us a call at (410) 531-6727 to learn how Dresner Group can help you ensure your business’ productivity and security for the long haul.