Beyond the Ransom: Dealing with Ransomware’s Aftermath

Ransomware is on the rise. The estimated 304 million worldwide attacks in 2020 represented a 64% increase. These attacks are growing more costly, too. Ransomware payouts jumped 171% from 2019 to 2020. For businesses in any industry, ransomware is a real threat, and recovery is more taxing than you might think.

With ransomware, bad actors infiltrate your devices or systems and encrypt your files. They demand a ransom in exchange for the decryption key that lets you get back to work. This type of cyberattack is always evolving. If you haven’t been compromised yet, you may want to think of it as only a matter of time.

What to do About Ransomware

There are many ways to cut your risk of becoming a victim of a ransomware attack. These include:

• educating your employees in security awareness;
• securing email gateways;
• limiting remote access;
• using multi-factor authentication;
• monitoring remote access points;
• keeping up with cybersecurity to identify threats.

You’ll also want to install antivirus protection and keep your software patched and up to date.

Maintaining encrypted backups offline can also offer reassurance that you can recover from a ransomware attack.

Recovering from a Ransomware Attack

Protection is essential, but that’s not going to stop the attackers from trying to infect your systems. If your business is compromised, you’ll have to decide whether or not to pay the ransom to unlock your data.

Yet “to pay or not to pay” is not the only consideration when it comes to recovering from a ransomware attack.

First, you need to get to the bottom of the attack and learn how the malware was deployed. Attackers may have used a phishing strategy or exploited weak remote access controls. Find out where they got in and how they moved within your system.

You’ll want to report what you know about ransomware to law-enforcement agencies. If you are in an industry with compliance regulations, you may need to report there, as well. Acknowledging the ransomware may hurt your business reputation, you can at least help others learn about new threats.

You may also need to contact your clients, depending on the laws in your country. You will need to tell them about the hack and what data was released (if any). You might also warn them against opening emails from your business, as they could be compromised.

After the initial steps of recovery, you’ll also need to hunt for any malware remnants on your systems. The ransomware is the final payload, but the attackers would have used a delivery mechanism such as Trickbot, Emotet, or Qakbot. If you don’t discover this malware and get rid of it, you could be a victim of ransomware again.

MSPs Help Combat Ransomware

Managed service providers can support your cybersecurity efforts. They can monitor your systems and keep patches and antivirus software current. They can also manage the backups which are key to a successful recovery. Contact us today to book an appointment.